Module: website Branch: master Commit: 5cd195b1ac9ff47e92b8b31526212c4915be048e URL: https://source.winehq.org/git/website.git/?a=commit;h=5cd195b1ac9ff47e92b8b3...
Author: Kyle Auble kauble7@gmail.com Date: Sat May 12 20:21:31 2018 -0400
Tighten up URL validation in news plugin
From d3a7af7eca5c14ec48202eef65e3d8eb55aee459 Mon Sep 17 00:00:00 2001
From: Kyle Auble kauble7@gmail.com Date: Thu, 10 May 2018 17:19:24 -0400 Subject: [PATCH website] Tighten up URL validation in news plugin
Fixes https://bugs.winehq.org/show_bug.cgi?id=44764
Signed-off-by: Kyle Auble kauble7@gmail.com Signed-off-by: Jeremy Newman jnewman@codeweavers.com
---
include/plugins/news.php | 59 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 47 insertions(+), 12 deletions(-)
diff --git a/include/plugins/news.php b/include/plugins/news.php
index 3d78b74..94f18e3 100644
--- a/include/plugins/news.php
+++ b/include/plugins/news.php
@@ -10,19 +10,53 @@ if (!empty($_GET['lang']) and in_array($_GET['lang'], $config->languages))
 $html->lang = $_GET['lang'];
-// display news based on page params
-switch (true)
+// Display news based on page params
+// The news plugin expects a narrow range of options though...
+// ... so scrub out anything except relevant values
+
+// If there are no potential parameters in the URL...
+if (!defined('PAGE_PARAMS'))
+ $flag = 'default';
+
+// If a specific date is referenced...
+else if (preg_match("/[0-9]{10}/", PAGE_PARAMS, $matches))
+{
+ $item = $matches[0] . '.xml';
+ $vars = array();
+
+ // Ensure valid news actually exists for this date
+ if (file_exists($config->news_xml_path.'/'.$html->lang.'/'.$item))
+ {
+ $vars = get_xml_tags($config->news_xml_path.'/'.$html->lang.'/'.$item, array('date', 'title', 'link', 'body'));
+ $flag = 'single';
+ }
+ else if (file_exists($config->news_xml_path.'/'.$config->lang.'/'.$item))
+ {
+ $vars = get_xml_tags($config->news_xml_path.'/'.$config->lang.'/'.$item, array('date', 'title', 'link', 'body'));
+ $flag = 'single';
+ }
+ else
+ $flag = 'default';
+}
+
+// If the RSS feed is requested specifically...
+else if (preg_match("/rss/", PAGE_PARAMS))
+{
+ $feed = 'xml';
+ $flag = 'rss';
+}
+
+// Anything else...
+else
+ $flag = 'default';
+
+// Now handle the details based on the control flag
+switch ($flag)
 {
 // single issue view
- case (defined('PAGE_PARAMS') and preg_match("/[0-9]{10}/", PAGE_PARAMS)):
+ case 'single':
- // get data from XML file
- $item = PAGE_PARAMS . '.xml';
- $vars = array();
- if (file_exists($config->news_xml_path.'/'.$html->lang.'/'.$item))
- $vars = get_xml_tags($config->news_xml_path.'/'.$html->lang.'/'.$item, array('date', 'title', 'link', 'body'));
- else
- $vars = get_xml_tags($config->news_xml_path.'/'.$config->lang.'/'.$item, array('date', 'title', 'link', 'body'));
+ // The single flag guarantees vars already has the news path
 // set open graph tags
 $html->meta_og['title'] = trim($vars['title']);
@@ -57,12 +91,13 @@ switch (true)
 echo $html->template('base', 'news_row', $vars);
 echo $html->p($html->ahref('<span class="glyphicon glyphicon-backward"></span>', "{$html->_web_root}/news", 'class="btn btn-default"'));
 break;
+ // end single issue
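Review bot: The date pattern at `+else if (preg_match("/[0-9]{10}/", PAGE_PARAMS, $matches))` is unanchored, so although building the filename from `$matches[0]` (exactly ten digits) does close the path-injection the commit targets, any surrounding text in PAGE_PARAMS is silently accepted and, with eleven or more digits, the first ten are used. If "tighten" means reject rather than scrub, anchor it, `else if (preg_match('/^[0-9]{10}$/', PAGE_PARAMS, $matches))`; otherwise the "scrub out anything except relevant values" comment should say explicitly that extra characters are deliberately ignored. The same looseness is new in the feed check, where `preg_match("/rss/", PAGE_PARAMS)` matches "rss" anywhere in the parameter while the removed case required equality, so `else if (PAGE_PARAMS === 'rss')` keeps the earlier strictness. The path still incorporates `$html->lang`, which the context line at the top of the hunk whitelists against `$config->languages`, so that component stays safe only as long as that in_array guard remains. The `switch ($flag)` opened here continues past the end of the hunk.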
 // RSS view
- case (defined('PAGE_PARAMS') and PAGE_PARAMS == "rss"):
+ case 'rss':
 // get list of news items
- $news = get_files($config->news_xml_path."/".$config->lang, "xml");
+ $news = get_files($config->news_xml_path."/".$config->lang, $feed);
 $news = array_reverse ($news);
// clear cache and output the rss file
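Review bot: `$news = get_files($config->news_xml_path."/".$config->lang, $feed);` replaces the literal `"xml"` with `$feed`, a variable assigned only in the rss branch of the dispatch block much earlier in the file, so a reader of this case has to scan back to confirm it is set on every path into `case 'rss':`. Since the value is a constant, keeping the literal `"xml"` (or a named constant beside the other news settings) says the same thing without the cross-block dependency. The enclosing switch starts and ends outside this hunk.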