-rw-r--r--include/bbcode.php55
-rwxr-xr-xinclude/text.php4
2 files changed, 59 insertions, 0 deletions
diff --git a/include/bbcode.php b/include/bbcode.php
index 2e2faddd6..bd2c7d11a 100644
--- a/include/bbcode.php
+++ b/include/bbcode.php
@@ -262,6 +262,56 @@ function rpost_callback($match) {
}
}
+function bb_sanitize_style($input) {
+ //whitelist property limits (0 = no limitation)
+ $w = array( // color properties
+ "color" => 0,
+ "background-color" => 0,
+ // box properties
+ "padding" => array("px"=>100, "%"=>0, "em"=>2, "ex"=>2, "mm"=>0, "cm"=>0, "in"=>0, "pt"=>0, "pc"=>0),
+ "margin" => array("px"=>100, "%"=>0, "em"=>2, "ex"=>2, "mm"=>0, "cm"=>0, "in"=>0, "pt"=>0, "pc"=>0),
+ "border" => array("px"=>100, "%"=>0, "em"=>2, "ex"=>2, "mm"=>0, "cm"=>0, "in"=>0, "pt"=>0, "pc"=>0),
+ "float" => 0,
+ "clear" => 0,
+ // text properties
+ "text-decoration" => 0,
+
+ );
+
+ $css_string = $input[1];
+ $a = explode(';',$css_string);
+ foreach($a as $parts){
+ list($k, $v) = explode(':', $parts);
+ $css[ trim($k) ] = trim($v);
+ }
+
+ // sanitize properties
+ $b = array_merge(array_diff_key($css, $w), array_diff_key($w, $css));
+ $css = array_diff_key($css, $b);
+
+ foreach($css as $key => $value) {
+ if($w[$key] != null) {
+ foreach($w[$key] as $limit_key => $limit_value) {
+ //sanitize values
+ if(strpos($value, $limit_key)) {
+ $value = preg_replace_callback(
+ "/(\S.*?)$limit_key/ism",
+ function($match) use($limit_value, $limit_key) {
+ if($match[1] > $limit_value) {
+ return $limit_value . $limit_key;
+ } else {
+ return $match[1] . $limit_key;
+ }
+ },
+ $value
+ );
+ }
+ }
+ }
+ $css_string_san .= $key . ":" . $value ."; ";
+ }
+ return "<span style=\"" . $css_string_san . "\">" . $input[2] . "</span>";
+}
// BBcode 2 HTML was written by WAY2WEB.net
// extended to work with Mistpark/Friendica/Red - Mike Macgirvin
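Review bot: The property values reach the `style` attribute unchecked: `$w[$key] != null` is false for every whitelisted property whose limit is `0` (color, background-color, float, clear, text-decoration), so those values skip the inner loop entirely, and even the clamped values are concatenated into the attribute on the `return` line without escaping, so a quote inside a value terminates the attribute unless the text was already HTML-escaped before `bbcode()` runs. The clamp loop also contradicts the "0 = no limitation" comment at the top of the whitelist: a limit of `0` is applied as a maximum, so `padding: 50%` comes out as `0%`. `$css` and `$css_string_san` are used before being assigned, and `list($k, $v) = explode(':', $parts)` raises a notice on the empty part after a trailing `;` and silently truncates any value that itself contains a colon. The rewrite below restricts values to a conservative character class (hex and named colours still pass; `rgb()` does not), treats a limit of `0` as no limit, and initialises the accumulators; the clamp callback itself is unchanged.
```php
function bb_sanitize_style($input) {
    // … unchanged: $w whitelist (0 = no limitation) …

    $css = array();
    foreach (explode(';', $input[1]) as $parts) {
        if (strpos($parts, ':') === false)
            continue;                               // empty or trailing part
        list($k, $v) = explode(':', $parts, 2);     // keep a ':' inside the value intact
        $css[strtolower(trim($k))] = trim($v);
    }
    $css = array_intersect_key($css, $w);           // drop non-whitelisted properties

    $css_string_san = '';
    foreach ($css as $key => $value) {
        // letters, digits, '#', '%', '.', '-' and spaces only: keeps quotes,
        // parentheses and backslashes out of the style attribute
        if (!preg_match('/^[a-zA-Z0-9#%.\- ]+$/', $value))
            continue;
        if (is_array($w[$key])) {
            foreach ($w[$key] as $limit_key => $limit_value) {
                if ($limit_value === 0 || strpos($value, $limit_key) === false)
                    continue;                       // 0 = no limitation
                // … unchanged: preg_replace_callback that clamps the number to $limit_value …
            }
        }
        $css_string_san .= $key . ':' . $value . '; ';
    }
    return '<span style="' . $css_string_san . '">' . $input[2] . '</span>';
}
```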
@@ -576,6 +626,11 @@ function bbcode($Text,$preserve_nl = false, $tryoembed = true) {
$Text = preg_replace("/\[zmg\=([0-9]*)x([0-9]*) float=right\](.*?)\[\/zmg\]/ism", '<img class="zrl" src="$3" style="width: $1px; float: right;" alt="' . t('Image/photo') . '" >', $Text);
}
+ // style (sanitized)
+ if (strpos($Text,'[/style]') !== false) {
+ $Text = preg_replace_callback("(\[style=(.*?)\](.*?)\[\/style\])ism", "bb_sanitize_style", $Text);
+ }
+
// crypt
if (strpos($Text,'[/crypt]') !== false) {
$x = random_string();
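Review bot: The non-greedy pattern pairs the first `[style=` with the first `[/style]`, so one `[style=…]` nested inside another leaves the inner opening tag as literal text in `$input[2]` and a stray `[/style]` in the output; bb_sanitize_style never sees the inner one. If nesting is not meant to be supported, a comment on the guard would save the next reader a check, e.g. `// nested [style] tags are not supported: the inner tag is emitted as text`. The enclosing `bbcode()` function starts and ends outside the hunk.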
diff --git a/include/text.php b/include/text.php
index 266d8952b..2b334068f 100755
--- a/include/text.php
+++ b/include/text.php
@@ -565,6 +565,10 @@ function get_tags($s) {
$s = preg_replace('/\[code\](.*?)\[\/code\]/sm','',$s);
+ // ignore anything in [style= ]
+
+ $s = preg_replace('/\[style=(.*?)\]/sm','',$s);
+
// Match full names against @tags including the space between first and last
// We will look these up afterward to see if they are full names or not recognisable.