

CVE-2022-28545: Fix XSS vulnerability reported by ptsecurity.com (attacker tries to s… · fudforum/FUDforum@aed6966

FUDforum 3.1.1 is vulnerable to Stored XSS.


@@ -1,6 +1,6 @@ <?php /** * copyright : © 2001-2021 Advanced Internet Designs Inc. * copyright : © 2001-2022 Advanced Internet Designs Inc. * email : [email protected] * $Id$ * @@ -38,6 +38,13 @@ function validate_email($email)
function encode_subject($text) { /* HTML entities check. */ if (strpos($subj, ‘&’) !== false) { $subj = html_entity_decode($subj); }
$text = htmlspecialchars($text); // Prevent XSS like <img src="1" onerror="alert()">
if (preg_match('![\x7f-\xff]!’, $text)) { $text = '=?{TEMPLATE: iemail_CHARSET}?B?’. base64_encode($text) .’?=’; } @@ -51,11 +58,6 @@ function send_email($from, $to, $subj, $body, $header=’’, $munge_newlines=1) return 0; }
/* HTML entities check. */ if (strpos($subj, ‘&’) !== false) { $subj = html_entity_decode($subj); }
if ($header) { $header = “\n” . str_replace("\r", '’, $header); } @@ -66,11 +68,11 @@ function send_email($from, $to, $subj, $body, $header=’’, $munge_newlines=1) $addronly = preg_replace('/.*</’, '<’, $from); // RFC 2822 Return-Path: <…> $header = 'From: '. $from ."\nReturn-Path: ". $addronly ."\nUser-Agent: FUDforum/". $GLOBALS[‘FORUM_VERSION’] . $extra_header . $header;
$subj = encode_subject($subj); $body = str_replace("\r", '’, $body); if ($munge_newlines) { $body = str_replace('\n’, "\n", $body); } $subj = encode_subject($subj);
// Call PRE mail plugins. if (defined(‘plugins’)) { @@ -90,7 +92,7 @@ function send_email($from, $to, $subj, $body, $header=’’, $munge_newlines=1) } $smtp = new fud_smtp; $smtp->msg = str_replace(array('\n’, “\n.”), array("\n", “\n…”), $body); $smtp->subject = encode_subject($subj); $smtp->subject = $subj; $smtp->to = $to; $smtp->from = $from; $smtp->headers = $header;
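Review bot: As printed, the entity-decode block moved into `encode_subject` reads and writes `$subj` while the function's parameter is `$text`, so unless that is a rendering artifact the decode never touches the value about to be escaped and `$subj` is an undefined variable inside the function; it should read `if (strpos($text, '&') !== false) { $text = html_entity_decode($text); }`. The following `htmlspecialchars($text)` relies on PHP's version-dependent default flags (single quotes are not escaped before 8.1), so the attribute-injection case the inline comment names is better pinned explicitly with `$text = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE);`. Because the escaping now runs inside the MIME Subject encoder rather than where the subject is rendered as HTML, a legitimate `&` or `<` in a subject reaches mail clients as `&amp;`/`&lt;`; that trade-off deserves a comment on the function, e.g. `/* Subject is HTML-escaped here (not at output) to neutralise stored XSS; plain-text mail clients will show the entities. */`. The bodies of `encode_subject` and of `send_email` in the later hunks continue outside the hunks shown.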
