Post by coldstone on May 24, 2007 11:09:29 GMT -5
Versions Affected: GreyMatter 1.7.2 and 1.7.2.3
Severity: Moderate (reduces comment functionality, workaround stops spam filtering)
Issue Description: When a comment is previewed or commenter verification is turned on, a newline in the comment will trigger a security alert. This is because of the way newlines are encoded by Gm: it uses '|*|' to signify a newline.
Resolution: There is a code fix for this issue. Change line 310 of Gm_Web from:

    unless( $name =~ m/^edited/i || $name =~ m/template$/i || $name =~ m/^newentry/i ){

To:

    if( $name =~ m/^edited/i || $name =~ m/template$/i || $name =~ m/^newentry/i ){
      ## do nothing for now
    } elsif( $name =~ m/^newcommentbody/i ){
      if( Gm_Utils::hackWebTest( $name ) || Gm_Utils::hackWebTest( $value ) ){
        &$errHandler('We don\'t take kindly to that sort of activity here. '.
          'Your attempt to break the script has been logged and the administrators have '.
          'been notified. <br>');
      }
    } else {

This issue will be fixed for 1.7.3.
Updated 5/28 per jesper's notes.
Post by jesper on May 25, 2007 5:28:52 GMT -5
This didn't work out for me because line 432 in my file (v1.7.2.3) read:

    cat -n Gm_Web.pm|grep 432
    432 ## gm_generatecalendar which enters into a loop that depends on

The closest thing I found was at line 308:

    unless( $name =~ m/^edited/i || $name =~ m/template$/i ){

But after changing the code here I got:

    Undefined subroutine &Gm_Security::hackWebTest called at libs/Gm_Web.pm line 311.

I got around this by changing the line in your fix from:

    if( Gm_Security::hackWebTest( $name ) || Gm_Security::hackWebTest( $value ) ){

to:

    if( Gm_Utils::hackWebTest( $name ) || Gm_Utils::hackWebTest( $value ) ){

And now it seems to work, but since I have no idea what I have just done with the code, I would not recommend anyone to use my solution until the authors have given their response to this.
Post by Carlos Phelps on May 25, 2007 9:13:26 GMT -5
Post by coldstone on May 28, 2007 15:47:56 GMT -5
Thanks jesper, another good catch. The Gm_Security module is new to 1.7.3 and it's the same function, just in a more appropriate place. I will modify the original post.
My apologies to people who tried to use the original post, it is based on 1.7.3 code, instead of 1.7.2.