From 007a03b8d40045e2fae7cf4f1b60d7a5a272d6fb Mon Sep 17 00:00:00 2001 From: RainLoop Team Date: Mon, 16 Nov 2015 21:51:12 +0300 Subject: [PATCH] Additional securty fixes --- .../app/libraries/MailSo/Base/HtmlUtils.php | 33 +++++++++---------- .../0.0.0/app/libraries/RainLoop/Actions.php | 3 +- .../v/0.0.0/app/libraries/RainLoop/Api.php | 4 +++ .../libraries/RainLoop/Config/Application.php | 1 + .../v/0.0.0/app/libraries/RainLoop/Utils.php | 14 ++++++-- 5 files changed, 35 insertions(+), 20 deletions(-) diff --git a/rainloop/v/0.0.0/app/libraries/MailSo/Base/HtmlUtils.php b/rainloop/v/0.0.0/app/libraries/MailSo/Base/HtmlUtils.php index bb9a2e419..a59914915 100644 --- a/rainloop/v/0.0.0/app/libraries/MailSo/Base/HtmlUtils.php +++ b/rainloop/v/0.0.0/app/libraries/MailSo/Base/HtmlUtils.php @@ -865,24 +865,23 @@ class HtmlUtils $oElement->setAttribute('tabindex', '-1'); } - foreach (array( - 'id', 'class', - 'contenteditable', 'designmode', 'formaction', - 'data-bind', 'data-reactid', 'xmlns', 'srcset', - 'data-x-skip-style' - ) as $sAttr) + if ($oElement->hasAttributes() && isset($oElement->attributes) && $oElement->attributes) { - @$oElement->removeAttribute($sAttr); - } - - foreach (array( - 'load', 'blur', 'error', 'focus', 'formchange', 'change', - 'click', 'dblclick', 'keydown', 'keypress', 'keyup', - 'mousedown', 'mouseenter', 'mouseleave', 'mousemove', 'mouseout', 'mouseover', 'mouseup', - 'move', 'resize', 'resizeend', 'resizestart', 'scroll', 'select', 'submit', 'upload' - ) as $sAttr) - { - @$oElement->removeAttribute('on'.$sAttr); + foreach ($oElement->attributes as $oAttr) + { + if ($oAttr && !empty($oAttr->nodeName)) + { + $sAttrName = \trim(\strtolower($oAttr->nodeName)); + if ('on' === \substr($sAttrName, 0, 2) || in_array($sAttrName, array( + 'id', 'class', 'contenteditable', 'designmode', 'formaction', + 'data-bind', 'data-reactid', 'xmlns', 'srcset', 'data-x-skip-style', + 'fscommand', 'seeksegmenttime' + ))) + { + @$oElement->removeAttribute($oAttr->nodeName); + } + } + } } if ($oElement->hasAttribute('href')) diff --git a/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php b/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php index c74ca0eae..f175c0b83 100644 --- a/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php +++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Actions.php @@ -9182,7 +9182,8 @@ class Actions */ private function mainDefaultResponse($sActionName, $mResult = false, $aAdditionalParams = array()) { - $sActionName = 'Do' === substr($sActionName, 0, 2) ? substr($sActionName, 2) : $sActionName; + $sActionName = 'Do' === \substr($sActionName, 0, 2) ? \substr($sActionName, 2) : $sActionName; + $sActionName = \preg_replace('/[^a-zA-Z0-9_]+/', '', $sActionName); $aResult = array( 'Action' => $sActionName, diff --git a/rainloop/v/0.0.0/app/libraries/RainLoop/Api.php b/rainloop/v/0.0.0/app/libraries/RainLoop/Api.php index 6431d231f..04af66ea2 100644 --- a/rainloop/v/0.0.0/app/libraries/RainLoop/Api.php +++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Api.php @@ -112,6 +112,10 @@ class Api $sSslCapath = \RainLoop\Api::Config()->Get('ssl', 'capath', ''); \RainLoop\Utils::$CookieDefaultPath = \RainLoop\Api::Config()->Get('labs', 'cookie_default_path', ''); + if (\RainLoop\Api::Config()->Get('labs', 'cookie_default_secure', false)) + { + \RainLoop\Utils::$CookieDefaultSecure = true; + } if (!empty($sSslCafile) || !empty($sSslCapath)) { diff --git a/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php b/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php index 35ef4d076..f01f680c7 100644 --- a/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php +++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Config/Application.php @@ -355,6 +355,7 @@ Enables caching in the system'), 'use_local_proxy_for_external_images' => array(false), 'detect_image_exif_orientation' => array(true), 'cookie_default_path' => array(''), + 'cookie_default_secure' => array(false), 'startup_url' => array(''), 'emogrifier' => array(true), 'dev_email' => array(''), diff --git a/rainloop/v/0.0.0/app/libraries/RainLoop/Utils.php b/rainloop/v/0.0.0/app/libraries/RainLoop/Utils.php index d2a375a63..ebe79dab2 100644 --- a/rainloop/v/0.0.0/app/libraries/RainLoop/Utils.php +++ b/rainloop/v/0.0.0/app/libraries/RainLoop/Utils.php @@ -9,6 +9,11 @@ class Utils */ static $CookieDefaultPath = ''; + /** + * @var bool|null + */ + static $CookieDefaultSecure = null; + static $Cookies = null; static $RSA = null; @@ -530,7 +535,7 @@ class Utils return isset(\RainLoop\Utils::$Cookies[$sName]) ? \RainLoop\Utils::$Cookies[$sName] : $mDefault; } - public static function SetCookie($sName, $sValue = '', $iExpire = 0, $sPath = null, $sDomain = null, $sSecure = null, $bHttpOnly = true) + public static function SetCookie($sName, $sValue = '', $iExpire = 0, $sPath = null, $sDomain = null, $bSecure = null, $bHttpOnly = true) { if (null === \RainLoop\Utils::$Cookies) { @@ -543,8 +548,13 @@ class Utils $sPath = $sPath && 0 < \strlen($sPath) ? $sPath : null; } + if (null === $bSecure) + { + $bSecure = \RainLoop\Utils::$CookieDefaultSecure; + } + \RainLoop\Utils::$Cookies[$sName] = $sValue; - @\setcookie($sName, $sValue, $iExpire, $sPath, $sDomain, $sSecure, $bHttpOnly); + @\setcookie($sName, $sValue, $iExpire, $sPath, $sDomain, $bSecure, $bHttpOnly); } public static function ClearCookie($sName)