From b8806cccdfa235ee98ddd00d26df34db63e12604 Mon Sep 17 00:00:00 2001
From: skodak
Date: Wed, 3 Jan 2007 23:35:03 +0000
Subject: [PATCH] Adobe Acrobat JavaScript Execution Bug SC#346

---
 lib/filelib.php | 6 ++++++
 lib/weblib.php | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/lib/filelib.php b/lib/filelib.php
index 9e780a17db..85f54b0878 100644
--- a/lib/filelib.php
+++ b/lib/filelib.php
@@ -255,6 +255,12 @@ function send_file($path, $filename, $lifetime=86400 , $filter=0, $pathisstring=
 $lastmodified = $pathisstring ? time() : filemtime($path);
 $filesize = $pathisstring ? strlen($path) : filesize($path);
 
+ if ($mimetype=='application/pdf') {
+ //Adobe Reader XSS prevention - please note that it prevents opening of pdfs in browser
+ $mimetype = 'application/x-forcedownload';
+ $forcedownload = true;
+ }
+
 //IE compatibiltiy HACK!
 if (ini_get('zlib.output_compression')) {
 ini_set('zlib.output_compression', 'Off');
diff --git a/lib/weblib.php b/lib/weblib.php
index 036b127d24..16281ace9d 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -1721,6 +1721,11 @@ function cleanAttributes2($htmlArray){
 }
 $arreach['value'] = preg_replace("/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t/i", "Xjavascript", $arreach['value']);
 $arreach['value'] = preg_replace("/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n/i", "Xexpression", $arreach['value']);
+ } else if ($arreach['name'] == 'href') {
+ if (stripos($arreach['value'], '.pdf')) {
+ //Adobe Reader XSS protection
+ $arreach['value'] = preg_replace('/(\.pdf)[^a-z0-9_\.\-].*$/i', '$1', $arreach['value']);
+ }
 }
 $attStr .= ' '.$arreach['name'].'="'.$arreach['value'].'"';
 }
-- 
2.39.5
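Review bot: The `$mimetype=='application/pdf'` test on the first added line of the filelib.php hunk is an exact, case-sensitive comparison, so a type that differs only in case or carries a parameter (for example `application/pdf; charset=binary`) would keep its original Content-Type and skip the forced download even though the same viewer handles it; normalising first, `if (strtolower(trim($mimetype)) == 'application/pdf') {`, closes that gap. `$forcedownload = true;` presumably overwrites a parameter of send_file whose declaration is truncated in the hunk header — worth confirming that the header-emitting code later in the function reads that variable rather than a value captured earlier. `application/x-forcedownload` is not a registered media type; browsers treat it and `application/octet-stream` the same way, so this is a style point only, but a comment saying why the non-standard name was chosen would save the next maintainer a search. send_file's body continues outside the hunk.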
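Review bot: `stripos($arreach['value'], '.pdf')` on the second added line of the weblib.php hunk is used as a boolean, so a value in which `.pdf` sits at offset 0 returns `0` and skips the protection; the idiom is `if (stripos($arreach['value'], '.pdf') !== false) {`. The match is also made against the raw attribute text without decoding it, so spellings of the extension that the browser would decode to the same resource fall through — this filter should be understood as defence in depth behind the Content-Type change in send_file, and a comment saying so would prevent it being relied on alone, e.g. `// Drops anything after a .pdf href (fragment/query); secondary to the forced-download handling in send_file`. Note that the truncation keeps only up to the first `.pdf` followed by a non-name character, which also cuts legitimate links where `.pdf` is an intermediate path segment. cleanAttributes2 starts outside the hunk.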