2 /* gets html inputs, truncates them to a specified length, and reinserts them into the $_REQUEST variable
3 inputs not found in the $ewiki_input_limits array are unset.
4 written by: Jeffrey Engleman
7 //copied from ewiki.php so their value is defined here.
8 define("EWIKI_UP_PAGENUM", "n"); # _UP_ means "url parameter"
9 define("EWIKI_UP_PAGEEND", "e");
10 define("EWIKI_UP_PAGE_LENGTH", 3); //allows up to 999 records
12 define("EWIKI_USERNAME_LENGTH", 80);
13 define("EWIKI_GROUPNAME_LENGTH", 32);
14 define("EWIKI_PASSWORD_LENGTH", 32);
15 define("EWIKI_FIELDNAME_LENGTH", 32);
16 //array(PAGENAME => array(INPUTNAME => INPUTLENGTH, INPUT2NAME => INPUT2LENGTH));
17 //special PAGENAME entries include:
18 //_AllPages: handles submits that can appear on all pages e.g. username and password
19 //_Binary: handles submits that appear on binary pages e.g. internal://....
20 //_Edit: handles submits from pages prefixed with edit/ and updateformatheader/
21 $ewiki_input_limits=array(
22 "_AllPages" => array("username" => EWIKI_USERNAME_LENGTH, "password" => EWIKI_PASSWORD_LENGTH, "submit_login_img_x" => 2,
23 "submit_login_img_y" => 2, "submit_login" => 5, "thankyou" => 1, "id" => 160, "page" => 160, "PHPSESSID" => 32,
24 "i_am_no_spambot" => 12, "new_filename" => 160, "comment" => 1600000, "section" => 160, "year" => 4,"version" => 3,
25 EWIKI_UP_PAGENUM => EWIKI_UP_PAGE_LENGTH,EWIKI_UP_PAGEEND => EWIKI_UP_PAGE_LENGTH),
26 "_Binary" => array("binary" => 160),
27 "_Manage" => array("submit_manage" => 0, "liveuserPermsView" => 10,"liveuserPermsPublish" => 10),
28 "_Email" => array("email_address" => 340, "email_text" => 255,"not_first_time" => 1,"email_page" => 1),
29 "_Edit" => array("piclogocntrlSelectLogo" => 160, "pageimagecntrl" => 160, "encoded_email" => 0, "go" => 0, "preview" => 7,
30 "content" => 1677215 , "save" => 4, "liveuserPermsView" => 10, "liveuserPermsEdit" => 10,
31 "liveuserPermsPublish" => 10),
32 "WikiDump" => array("dump_id" => 160, "download_tarball" => 17, "dump_images" => 1, "dump_fullhtml" => 1, "dump_virtual" => 1,
33 "dump_depth" => 3, "dump_arclevel" => 1, "dump_arctype" => 3),
34 "ExAllTodo" => array("q" => 16),
35 "ExAllPolicy" => array("q" => 16),
36 "Search" => array("Submit_x" => 2, "Submit_y" => 2, "q" => 50, "where" => 7),
37 "SearchPages" => array("q" => 50),
38 "PowerSearch" => array("q" => 50, "where" => 7),
39 "AdminAddUsers" => array("username_text" => EWIKI_USERNAME_LENGTH, "text_E-Mail_Address" => EWIKI_USERNAME_LENGTH,
40 "group_list" => EWIKI_GROUPNAME_LENGTH, "submit_addusers" => 1, "text_" => 255),
41 "AdminPerms" => array("submit_changeperm" => 14, "ring_" => 3, "chk_" => 2, "letterfilter" => 5, "pagefilter" => 160,"classfilter" => 10,
42 "submit_filterperm" => 6, "pagename_text" => 160, "ring_list" => 3, "right_list" => 3, "submit_addperm" => 17),
43 "AdminPermsReport" => array("letterfilter" => 5, "pagefilter" => 160, "classfilter" => 10, "submit_filterperm" => 6),
44 "AdminRights" => array("chk_" => 2, "submit_changerights" => 14, "rightname_text" => 50, "addgroup" => 2, "submit_addright" => 9),
45 "AdminUsers" => array("chname_" => EWIKI_USERNAME_LENGTH, "origname_" => EWIKI_USERNAME_LENGTH, "usernames_text" => EWIKI_USERNAME_LENGTH*10,
46 "username_text" => EWIKI_USERNAME_LENGTH, "pw_text" => EWIKI_PASSWORD_LENGTH, "search_fieldname" => EWIKI_FIELDNAME_LENGTH,
47 "chgroupname_" => EWIKI_GROUPNAME_LENGTH, "usernames_grouplist" => EWIKI_GROUPNAME_LENGTH,
48 "grouplist" => EWIKI_GROUPNAME_LENGTH, "groupname_text" => EWIKI_GROUPNAME_LENGTH,"origgroupname_" => EWIKI_GROUPNAME_LENGTH,
49 "uvar_fieldname" => EWIKI_FIELDNAME_LENGTH,"chpw_" => EWIKI_PASSWORD_LENGTH,"grouplist" => EWIKI_GROUPNAME_LENGTH,
50 "submit_removeusersfromgroup" => 15, "radpw_" => 6,"chkgroup_" => 2, "chk_" => 2, "submit_deleteusers" => 16,
51 "submit_changegroups" => 14, "submit_adduser" => 8, "chuvar_" => 255, "origchuvar_" => 255, "search_fieldvalue" => 255,
52 "submit_searchaccount" => 6, "submit_addusers" => 9,"pwgen_addusers" =>2,"addright" => 2, "submit_addgroup" => 9,
53 "submit_adduserstogroup" => 12, "chkrandpw_"=> 2,"submit_changeusers" => 14),
54 "AdminFullUser" => array("accountname_text" => EWIKI_USERNAME_LENGTH,"new_accountfield" => EWIKI_FIELDNAME_LENGTH, "submit_viewaccount" => 9,
55 "chk_" => 2, "text_" => 255, "submit_changeaccount" => 14,"submit_clearuservars" => 14, "new_accountfieldvalue" => 255,
56 "submit_accountaddfield" => 9,"batch_fieldnames" => 1649, "batch_fieldvalues" => 12799, "submit_batchfields" => 10,
57 "submit_batchusers" => 10, "bulk_items" => 1677215, "submit_bulkset" => 11, "batch_usernames" => 1649),
58 "UserInfo" => array("submit_changeaccount" => 14, "text_" => 255),
59 "AdminSearchAccounts" => array("search_fieldname" => EWIKI_FIELDNAME_LENGTH, "chk_" => EWIKI_FIELDNAME_LENGTH, "search_fieldvalue" => 255,
60 "submit_searchaccount" => 6,"text_" => 255, "submit_changeaccount" => 14, "submit_clearuservars" => 15),
61 "ChangePassword" => array("oldpassword" => EWIKI_PASSWORD_LENGTH, "newpassword1" => EWIKI_PASSWORD_LENGTH, "newpassword2" => EWIKI_PASSWORD_LENGTH,
63 "TextUpload" => array("textfile_overwrite_pages" => 1, "textfile_assume_text" => 1, "textfile_noext_is_text" => 1,
64 "textfile_brute_force" => 1, "textfile_brute_force" => 1, "textfile_saveas" => 160,
65 "textfile_strip_ext" => 1, "upload_text_file" => 300),
66 "ProtectedEmail" => array("encoded_email" => 340),
67 "Login" => array("cancel_login" => 6));
69 $ewiki_plugins["init"][-4] = "ewiki_input_truncate";
71 function ewiki_input_truncate(){
72 global $ewiki_input_limits, $ewiki_plugins;
74 //get and trim current page id
75 $id=substr(ewiki_id(), 0, $ewiki_input_limits['_AllPages']['id']);
77 if ($delim = strpos($id, EWIKI_ACTION_SEP_CHAR)) {
78 $action = substr($id, 0, $delim);
79 $id = substr($id, $delim + 1);
82 foreach($_REQUEST as $key => $value){ //loop through the $_REQUEST variable
83 $input_value=trim($value); //trim value
85 $ewiki_input_key=$key;
86 $ewiki_input_id=ewiki_check_input($id, $ewiki_input_key, $action);
87 if(!strlen($ewiki_input_id)){
88 $ewiki_input_key=ewiki_reset_key($id, $key);
89 $ewiki_input_id=ewiki_check_input($id, $ewiki_input_key, $action);
91 if(!strlen($ewiki_input_id)){
92 ewiki_log('Unhandled submit: Page: "'.$id.'" Key: "'.$key.'" Value: "'.$value.'" \n', 1);
93 ewiki_set_globals($key);
96 if(is_array($input_value)){
97 //loop through the input array
98 foreach($input_value as $array_input_key => $array_input_value){
99 $input_value=trim($array_input_value); //redefine input_value with the array value
100 //check to see if its longer than allowed
101 if(strlen($input_value)>$ewiki_input_limits[$ewiki_input_id][$ewiki_input_key]){
102 //its too long truncate it...
103 ewiki_set_globals($key, substr($input_value, 0, $ewiki_input_limits[$ewiki_input_id][$ewiki_input_key]), $array_input_key);
108 //if the input length is longer than its supposed to be trim it.
109 elseif((strlen($input_value)>$ewiki_input_limits[$ewiki_input_id][$ewiki_input_key]) && isset($ewiki_input_limits[$ewiki_input_id][$ewiki_input_key])){
110 ewiki_log("Trimming: Key: $ewiki_input_key Id: $ewiki_input_id to length: ".$ewiki_input_limits[$ewiki_input_id][$ewiki_input_key]);
111 ewiki_set_globals($key, substr($input_value, 0, $ewiki_input_limits[$ewiki_input_id][$ewiki_input_key]));
116 function ewiki_check_input($id, $ewiki_input_key, $action){
117 global $ewiki_input_limits;
118 //determines what type of page we are running on and sets the ewiki_input_id variable accordingly
119 //check to see if our key matches up with an input for this specific page
120 if(isset($ewiki_input_limits[$id][$ewiki_input_key])){
121 //some inputs are arrays themselves this handles that.
123 //else check to see if it's a global input
124 } elseif(isset($ewiki_input_limits["_AllPages"][$ewiki_input_key])){
126 //$maxlen=$ewiki_input_limits["_AllPages"][$ewiki_input_key];
127 //else check to see if its a binary input
128 } elseif(isset($ewiki_input_limits["_Binary"][$ewiki_input_key]) && strstr($action, "binary")){
130 //$maxlen=$ewiki_input_limits["_Binary"][$ewiki_input_key];
131 //else check to see if its an edit input
132 } elseif(isset($ewiki_input_limits["_Email"][$ewiki_input_key]) && ($action=="emailpage")){
134 //$maxlen=$ewiki_input_limits["_Edit"][$ewiki_input_key];
135 } elseif(isset($ewiki_input_limits["_Edit"][$ewiki_input_key]) && ($action=="edit" || $action=="updateformatheader")){
137 //$maxlen=$ewiki_input_limits["_Edit"][$ewiki_input_key];
138 } elseif(isset($ewiki_input_limits["_Manage"][$ewiki_input_key]) && ($action=="manage")){
140 //no more input types. fail.
146 //Resets a key to a substring of itself to handle iteratively generated inputs.
147 function ewiki_reset_key($id, $key){
148 global $ewiki_input_limits;
149 //handles multiple elements with the same prefix *_ and a numerical suffix
150 if(preg_match("/(\D+_)(\d+)/", $key, $matches)){
151 //redefine the input key as the prefix of these elements *_
153 //handles multiple elements with the same prefix *_ and a non numeric suffix
154 } elseif(preg_match("/([a-zA-Z]+_)(.*)/", $key, $matches) && !isset($ewiki_input_limits[$id][$key]) && !isset($ewiki_input_limits["_AllPages"][$key])){
157 return ""; //used to match the request key to the ewiki_input_limits array
161 /**ewiki_set_globals sets or clears global HTTP variables as requested
164 * @param string $newval
166 function ewiki_set_globals($key, $newval="", $key2=""){
167 for($i=1;$i<=4;$i++){
169 case 1: //process $_REQUEST
170 if($newval=="" && $key2==""){
171 unset($_REQUEST[$key]);
172 } elseif($newval=="" && $key2!=""){
173 unset($_REQUEST[$key][$key2]);
174 } elseif($key2=="") {
175 $_REQUEST[$key]=$newval;
177 $_REQUEST[$key][$key2]=$newval;
180 case 2: //process $_POST
181 if($newval=="" && $key2==""){
183 } elseif($newval=="" && $key2!=""){
184 unset($_POST[$key][$key2]);
185 } elseif($key2=="") {
186 $_POST[$key]=$newval;
188 $_POST[$key][$key2]=$newval;
191 case 3: //process $_GET
192 if($newval=="" && $key2==""){
194 } elseif($newval=="" && $key2!=""){
195 unset($_GET[$key][$key2]);
196 } elseif($key2=="") {
199 $_GET[$key][$key2]=$newval;
202 case 4: //process $_COOKIE
203 if($newval=="" && $key2==""){
204 unset($_COOKIE[$key]);
205 } elseif($newval=="" && $key2!=""){
206 unset($_COOKIE[$key][$key2]);
207 } elseif($key2=="") {
208 $_COOKIE[$key]=$newval;
210 $_COOKIE[$key][$key2]=$newval;