authorGuillaume Mazoyer <respawneral@gmail.com>2014-09-08 10:26:57 +0200
committerGuillaume Mazoyer <respawneral@gmail.com>2014-09-08 10:26:57 +0200
commit4f3835f45df4812135f16f388794649655538b30 (patch)
tree00a4e22f87f207cccf41644e8d4098457c1e2964
parent07e8086e75e4c7c44cee236a54b50f99b9f1716d (diff)
Improve output filters.
Fix filters that could lead to filtered HTML output. Do not remove empty lines anymore, except for the last line. Do not try to loop over each line of the output if no filters are defined.
-rw-r--r--execute.php35
-rw-r--r--includes/config.defaults.php3
-rw-r--r--routers/router.php38
3 files changed, 40 insertions, 36 deletions
diff --git a/execute.php b/execute.php
index 26e91af..18c5051 100644
--- a/execute.php
+++ b/execute.php
@@ -30,39 +30,6 @@ if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$requester = $_SERVER['REMOTE_ADDR'];
}
-function process_output($output) {
- global $config;
-
- $return = '';
-
- foreach (preg_split("/((\r?\n)|(\r\n?))/", $output) as $line) {
- // Get rid of empty lines
- if (empty($line)) {
- continue;
- }
-
- $valid = true;
-
- if (isset($config['filters'])) {
- foreach ($config['filters'] as $filter) {
- // Line has been marked as invalid
- // Or filtered based on the configuration
- if (!$valid || (preg_match($filter, $line) === 1)) {
- $valid = false;
- break;
- }
- }
- }
-
- if ($valid) {
- // The line is valid, print it
- $return .= $line."\n";
- }
- }
-
- return $return;
-}
-
// Obvious spam
if (!isset($_POST['dontlook']) || !empty($_POST['dontlook'])) {
log_to_file('Spam detected from '.$requester.'.');
@@ -93,7 +60,7 @@ if (isset($_POST['query']) && !empty($_POST['query']) &&
if (isset($output)) {
// Display the result of the command
- $data = array('result' => process_output($output));
+ $data = array('result' => $output);
} else {
// Display the error
$data = array('error' => $error);
diff --git a/includes/config.defaults.php b/includes/config.defaults.php
index aca58ff..eb411f7 100644
--- a/includes/config.defaults.php
+++ b/includes/config.defaults.php
@@ -23,6 +23,9 @@ $config = array(
'order' => array('routers', 'commands', 'parameters', 'buttons')
),
+ // Filters
+ 'filters' => array(),
+
// Misc
'misc' => array(
// Logs file when commands will be written
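Review bot: The new `'filters'` key is documented only as `// Filters`, which does not tell an operator what to put in it. Going by how the value is consumed in routers/router.php, each entry is passed as the pattern to `preg_match()` against one output line and matching lines are dropped. I would expand the comment to something like `// PCRE patterns (with delimiters) tested against each output line; matching lines are removed`. The `$config` array continues outside the hunk.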
diff --git a/routers/router.php b/routers/router.php
index 74407c2..f715905 100644
--- a/routers/router.php
+++ b/routers/router.php
@@ -39,6 +39,39 @@ abstract class Router {
$this->requester = $requester;
}
+ private function process_output($output) {
+ global $config;
+
+ // No filters defined
+ if (count($config['filters']) < 1) {
+ return preg_replace('/(?:\n|\r\n|\r)$/D', '', $output);
+ }
+
+ $filtered = '';
+
+ foreach (preg_split("/((\r?\n)|(\r\n?))/", $output) as $line) {
+ $valid = true;
+
+ if (isset($config['filters'])) {
+ foreach ($config['filters'] as $filter) {
+ // Line has been marked as invalid
+ // Or filtered based on the configuration
+ if (!$valid || (preg_match($filter, $line) === 1)) {
+ $valid = false;
+ break;
+ }
+ }
+ }
+
+ if ($valid) {
+ // The line is valid, print it
+ $filtered .= $line."\n";
+ }
+ }
+
+ return preg_replace('/(?:\n|\r\n|\r)$/D', '', $filtered);
+ }
+
protected abstract function build_commands($command, $parameters);
public function send_command($command, $parameters) {
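Review bot: The filter check in process_output fails open: `preg_match($filter, $line) === 1` treats a `false` return (a malformed pattern or a PCRE limit error) the same as a non-match, so a line the filter was meant to hide is still emitted. If filters are used to withhold sensitive router output, compare with `!== 0` instead, e.g. `if (preg_match($filter, $line) !== 0) {`, so that an erroring filter drops the line, and log the failure. Separately, `count($config['filters'])` runs before the `isset($config['filters'])` guard, so that guard no longer protects against a missing key. The `!$valid ||` test is also redundant, because the loop breaks as soon as `$valid` is set to false.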
@@ -55,8 +88,9 @@ abstract class Router {
foreach ($commands as $selected) {
$data .= '<p><kbd>Command: '.$selected.'</kdb></p>';
- $data .= '<pre class="pre-scrollable">'.$auth->send_command($selected).
- '</pre>';
+ $data .= '<pre class="pre-scrollable">';
+ $data .= $this->process_output($auth->send_command($selected));
+ $data .= '</pre>';
log_to_file('[client: '.$this->requester.'] '.$this->config['host'].
'> '.$selected);
}
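Review bot: The device output is concatenated into the `<pre>` element without HTML escaping, so any `<`, `&` or markup in the router's reply (or in `$selected` on the line above) is interpreted by the browser rather than shown as text. Now that filtering runs on the raw text, escaping can be applied right after it: `$data .= htmlspecialchars($this->process_output($auth->send_command($selected)), ENT_QUOTES, 'UTF-8');`. Whether `$selected` is already validated is not visible here, since send_command starts and ends outside the hunk. The context line also closes `<kbd>` with `</kdb>`, which leaves the element unclosed.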