authorD. V. Serg <dvserg@pfsense.org>2008-10-05 13:41:20 +0000
committerD. V. Serg <dvserg@pfsense.org>2008-10-05 13:41:20 +0000
commit43d9fe3901e595bf902a93ab40987144ba70a9f8 (patch)
tree7780a1f7fdc84022ee5b72ff67e801daa73080ef /packages
parent13418f948cc7adcda91d6b728f55a70c74cd611d (diff)
Fixed Destinations URL validation bug
Diffstat (limited to 'packages')
-rw-r--r--packages/squidGuard/sgerror.php56
-rw-r--r--packages/squidGuard/squidguard_configurator.inc18
2 files changed, 64 insertions, 10 deletions
diff --git a/packages/squidGuard/sgerror.php b/packages/squidGuard/sgerror.php
index 7e3b5c6c..8084c5c3 100644
--- a/packages/squidGuard/sgerror.php
+++ b/packages/squidGuard/sgerror.php
@@ -140,16 +140,24 @@ if ($url) {
}
# blank page
- if ($url === 'blank') {
+ if ($url === TAG_BLANK) {
echo get_page('');
}
# blank image
elseif ($url === TAG_BLANK_IMG) {
- # --------------------------------------------------------------
- # return blank image
- # --------------------------------------------------------------
- header("Content-Type: image/gif;"); // charset=windows-1251");
- echo GIF_BODY;
+ $msg = trim($msg);
+ if(strpos($msg, "maxlen_") !== false) {
+ $maxlen = intval(trim(str_replace("maxlen_", "", $url)));
+ filter_by_image_size($cl['u'], $maxlen);
+ exit();
+ }
+ else {
+ # --------------------------------------------------------------
+ # return blank image
+ # --------------------------------------------------------------
+ header("Content-Type: image/gif;"); // charset=windows-1251");
+ echo GIF_BODY;
+ }
}
# error code
elseif ($err_id !== 0) {
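Review bot: In the new `maxlen_` branch the marker is detected in `$msg` but the limit is parsed from `$url`, which in this branch is already known to equal `TAG_BLANK_IMG`. Unless that constant itself contains a number (its value is not visible here), `intval(...)` yields 0 and the `$size < $val_size` test in `filter_by_image_size()` can never pass, so the size limit silently degrades to "always blank image". Parse the variable that was tested: `$maxlen = intval(trim(str_replace("maxlen_", "", $msg)));`. The surrounding if/elseif chain starts and ends outside the hunk.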
@@ -237,4 +245,40 @@ function get_about() {
return implode("\n", $str);
}
+
+function filter_by_image_size($url, $val_size) {
+
+ # load url header
+ $ch = curl_init();
+ curl_setopt($ch, CURLOPT_URL, $url);
+ curl_setopt($ch, CURLOPT_HEADER, 1);
+ curl_setopt($ch, CURLOPT_NOBODY, 1);
+ curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+ $hd = curl_exec($ch);
+ curl_close($ch);
+
+ $size = 0;
+ $SKEY = "content-length:";
+ $s_tmp = strtolower($hd);
+ $s_tmp = str_replace("\n", " ", $s_tmp); # replace all "\n"
+ if (strpos($s_tmp, $SKEY) !== false) {
+ $s_tmp = trim(substr($s_tmp, strpos($s_tmp, $SKEY) + strlen($SKEY)));
+ $s_tmp = trim(substr($s_tmp, 0, strpos($s_tmp, " ")));
+ if (is_numeric($s_tmp))
+ $size = intval($s_tmp);
+ else $size = 0;
+ }
+
+ # === check url type and content size ===
+ # redirect to specified url
+ if (($size !== 0) && ($size < $val_size)) {
+ header("HTTP/1.0");
+ header("Location: $url", '', 302);
+ }
+ # return blank image
+ else {
+ header("Content-Type: image/gif;");
+ echo GIF_BODY;
+ }
+}
?> \ No newline at end of file
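Review bot: `filter_by_image_size()` makes the firewall itself fetch whatever `$url` it is given (the caller passes `$cl['u']`, which appears to come from the request), with no scheme restriction, no timeouts and no check of the `curl_exec()` result. As written, any client that can reach the error page can have the box issue requests to arbitrary hosts and schemes, and a slow target ties up the PHP worker. At minimum restrict the probe to http/https, bound the connect and total time, and treat a failed fetch as "unknown size"; a scheme check does not by itself keep the probe away from loopback or management addresses, so the host should be checked as well. The same raw `$url` is later placed in the `Location:` header, and `header("HTTP/1.0")` is not a valid status line and can be dropped. The timeout values below are illustrative.

```php
function filter_by_image_size($url, $val_size) {

    # only probe plain http(s) targets; anything else gets the blank image
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== 'http' && $scheme !== 'https') {
        header("Content-Type: image/gif;");
        echo GIF_BODY;
        return;
    }

    $ch = curl_init();
    # … unchanged: CURLOPT_URL, CURLOPT_HEADER, CURLOPT_NOBODY, CURLOPT_RETURNTRANSFER …
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 3);
    curl_setopt($ch, CURLOPT_TIMEOUT, 5);
    $hd = curl_exec($ch);
    curl_close($ch);
    if ($hd === false) $hd = '';   # failed probe: size stays 0, blank image is returned
    # … unchanged: content-length parsing and size check …
```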
diff --git a/packages/squidGuard/squidguard_configurator.inc b/packages/squidGuard/squidguard_configurator.inc
index 754cbc32..b359fa0a 100644
--- a/packages/squidGuard/squidguard_configurator.inc
+++ b/packages/squidGuard/squidguard_configurator.inc
@@ -1069,8 +1069,8 @@ function sg_redirector_base_url($rdr_info, $redirect_mode)
case RMOD_EXT_RDR: $rdr_path = "$rdr_info"; break;
case RMOD_EXT_MOVED: $rdr_path = "301:$rdr_info"; break;
case RMOD_EXT_FOUND: $rdr_path = "302:$rdr_info"; break;
- case RMOD_INT_BLANKPAGE: $rdr_path .= "?url=blank"; break;
- case RMOD_INT_BLANKIMG: $rdr_path .= "?url=blank_img"; break;
+ case RMOD_INT_BLANKPAGE: $rdr_path .= "?url=blank&msg=" . rawurlencode($rdr_info) . REDIRECT_URL_ARGS; break;
+ case RMOD_INT_BLANKIMG: $rdr_path .= "?url=blank_img&msg=" . rawurlencode($rdr_info) . REDIRECT_URL_ARGS; break;
case RMOD_INT_SIZELIMIT: $rdr_path .= "?url=maxlen_$rdr_info" . REDIRECT_URL_ARGS; break;
case RMOD_INT_ERRORPAGE:
default: $rdr_path .= "?url=" . rawurlencode("403 $rdr_info") . REDIRECT_URL_ARGS; break;
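Review bot: The two changed cases now pass `$rdr_info` through `rawurlencode()`, but the neighbouring `RMOD_INT_SIZELIMIT` case still interpolates it raw into the query string, so a configured value containing `&` or `#` would change the parameters sgerror.php receives. For consistency: `case RMOD_INT_SIZELIMIT: $rdr_path .= "?url=" . rawurlencode("maxlen_$rdr_info") . REDIRECT_URL_ARGS; break;`. This case also puts `maxlen_` in `url`, whereas the new branch in sgerror.php looks for it in `msg` under `url=blank_img`; it is worth confirming which of the two is intended. The switch begins and ends outside the hunk.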
@@ -1746,6 +1746,16 @@ function is_url($url)
if (eregi("^((30[1235]{1})|(40[0-9]{1})|(41[0-7]{1})|(50[0-5]{1}))", $url)) return true; # http error code 30x, 4xx, 50x.
return false;
}
+
+# url as 'domain/path': 'mydomain.com/index.php'
+function is_dest_url($url)
+{
+ $fmt = "[a-zA-Z0-9_-]";
+
+ if (empty($url)) return false;
+ if (eregi("^(($fmt){1,}\.){1,}($fmt){2,}(/(.[^\*][^ ])*)", $url)) return true;
+ return false;
+}
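Review bot: The pattern in `is_dest_url()` has no `$` anchor, so it validates only a prefix: any string beginning with `host.tld/` is accepted whatever follows, including spaces, line breaks or `*`, which the path sub-pattern seems meant to exclude. That sub-pattern `(.[^\*][^ ])*` also consumes three characters at a time with `.` matching anything, so anchoring alone would not enforce the exclusions. If the intent is "no whitespace or `*` in the path", state it directly: `if (eregi("^(($fmt){1,}\.){1,}($fmt){2,}/[^[:space:]*]*$", $url)) return true;`. The header comment could also say that the slash is required, since a bare `mydomain.com` is rejected by this function.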
# ------------------------------------------------------------------------------
# is_masksubnet - check ip/mask
# ------------------------------------------------------------------------------
@@ -1890,7 +1900,7 @@ function sg_check_dest($sgx, $input_errors)
# url
foreach ($ur as $u_it)
- if ($u_it && !is_url($u_it)) $elog[] = "Item '$u_it' is not a url";
+ if ($u_it && !is_dest_url($u_it)) $elog[] = "Item '$u_it' is not a url.";
# check redirect
sg_check_redirect($sgx[FLD_RMOD], $sgx[FLD_REDIRECT], &$elog);
@@ -2089,4 +2099,4 @@ class TSgTag
}
}
-?> \ No newline at end of file
+?>