From 4f3835f45df4812135f16f388794649655538b30 Mon Sep 17 00:00:00 2001 From: Guillaume Mazoyer Date: Mon, 8 Sep 2014 10:26:57 +0200 Subject: Improve output filters. Fix filters that could lead to filtered HTML output. Do not remove empty lines anymore, except for the last line. Do not try to loop over each line of the output if no filter are defined. --- execute.php | 35 +---------------------------------- includes/config.defaults.php | 3 +++ routers/router.php | 38 ++++++++++++++++++++++++++++++++++++-- 3 files changed, 40 insertions(+), 36 deletions(-) diff --git a/execute.php b/execute.php index 26e91af..18c5051 100644 --- a/execute.php +++ b/execute.php @@ -30,39 +30,6 @@ if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $requester = $_SERVER['REMOTE_ADDR']; } -function process_output($output) { - global $config; - - $return = ''; - - foreach (preg_split("/((\r?\n)|(\r\n?))/", $output) as $line) { - // Get rid of empty lines - if (empty($line)) { - continue; - } - - $valid = true; - - if (isset($config['filters'])) { - foreach ($config['filters'] as $filter) { - // Line has been marked as invalid - // Or filtered based on the configuration - if (!$valid || (preg_match($filter, $line) === 1)) { - $valid = false; - break; - } - } - } - - if ($valid) { - // The line is valid, print it - $return .= $line."\n"; - } - } - - return $return; -} - // Obvious spam if (!isset($_POST['dontlook']) || !empty($_POST['dontlook'])) { log_to_file('Spam detected from '.$requester.'.'); @@ -93,7 +60,7 @@ if (isset($_POST['query']) && !empty($_POST['query']) && if (isset($output)) { // Display the result of the command - $data = array('result' => process_output($output)); + $data = array('result' => $output); } else { // Display the error $data = array('error' => $error); diff --git a/includes/config.defaults.php b/includes/config.defaults.php index aca58ff..eb411f7 100644 --- a/includes/config.defaults.php +++ b/includes/config.defaults.php @@ -23,6 +23,9 @@ $config = array( 'order' => array('routers', 'commands', 'parameters', 'buttons') ), + // Filters + 'filters' => array(), + // Misc 'misc' => array( // Logs file when commands will be written diff --git a/routers/router.php b/routers/router.php index 74407c2..f715905 100644 --- a/routers/router.php +++ b/routers/router.php @@ -39,6 +39,39 @@ abstract class Router { $this->requester = $requester; } + private function process_output($output) { + global $config; + + // No filters defined + if (count($config['filters']) < 1) { + return preg_replace('/(?:\n|\r\n|\r)$/D', '', $output); + } + + $filtered = ''; + + foreach (preg_split("/((\r?\n)|(\r\n?))/", $output) as $line) { + $valid = true; + + if (isset($config['filters'])) { + foreach ($config['filters'] as $filter) { + // Line has been marked as invalid + // Or filtered based on the configuration + if (!$valid || (preg_match($filter, $line) === 1)) { + $valid = false; + break; + } + } + } + + if ($valid) { + // The line is valid, print it + $filtered .= $line."\n"; + } + } + + return preg_replace('/(?:\n|\r\n|\r)$/D', '', $filtered); + } + protected abstract function build_commands($command, $parameters); public function send_command($command, $parameters) { @@ -55,8 +88,9 @@ abstract class Router { foreach ($commands as $selected) { $data .= '

Command: '.$selected.'

'; - $data .= '
'.$auth->send_command($selected).
-          '
'; + $data .= '
';
+        $data .= $this->process_output($auth->send_command($selected));
+        $data .= '
'; log_to_file('[client: '.$this->requester.'] '.$this->config['host']. '> '.$selected); } -- cgit v1.2.3