
Where do I find function that Sanitize user imput | Forum

UTAN
UTAN Feb 27 '17
So I've been trolled by a user using HTML5 chars 0-31 and 127, like


 ▄█▀ ▀█▀ ▄▀▄ █▀ █▄█▄█ ▄▀▄ █ He is using a different one that is in the range mentioned above.


In my chat application I have managed to remove them. Now I have found how to patch the wall at method::addComment in /ow_system_plugins/base/bol/comment_service.php


but I have been unsuccessful patching other input files, like in feeds, and I imagine the message system is vulnerable, aka not vulnerable but allows parsing of this ASCII range to be shown.


Can anyone give me an idea where the files and methods are to patch all user input? Feed, mail system, etc.


Found in /public_html/ow_plugins/newsfeed/bol/service.php method::addStatus, this is for the feeds.


Mail system is also vulnerable.


public_html/ow_plugins/mailbox/bol/conversation_service.php

method::getMessageData


Thanks

The Forum post is edited by UTAN Feb 27 '17
UTAN
UTAN Feb 28 '17
Anyone there? Bumping thread.
OW-Ghost
OW-Ghost Mar 2 '17
That is considered a custom code modification and you need to hire a developer to have the work done.
Alexander Hu
Alexander Hu Mar 2 '17
You could filter that easily with:

// ereg_replace() was removed in PHP 7; the PCRE equivalent of the same filter is:
preg_replace('/[[:cntrl:]]/', '', $input);
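As an added illustration (my own code, not Oxwall's and not from this thread), here is a small PHP helper that strips chars 0-31 and 127 from a string while keeping tab and line breaks, which a plain [[:cntrl:]] replace would also remove and which multi-line comments and messages depend on; the function name and the sample strings are assumptions constructed for the demo.

```php
<?php
// Added example, not Oxwall code: strip ASCII control characters from user input.
// Removes C0 controls (0x00-0x1F) and DEL (0x7F). Tab, LF and CR are kept by
// default so multi-line posts survive; pass false for a strict filter.
function stripControlChars(string $input, bool $keepLineBreaks = true): string
{
    $pattern = $keepLineBreaks
        ? '/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/'   // every C0 control except \t \n \r, plus DEL
        : '/[\x00-\x1F\x7F]/';                   // strict: all C0 controls plus DEL

    $clean = preg_replace($pattern, '', $input);

    // preg_replace() returns null on a PCRE error; fail closed rather than
    // letting the unfiltered string through.
    return $clean === null ? '' : $clean;
}

// Constructed sample inputs, modelled on the character range reported in the thread.
$samples = [
    "hello\x00world",              // NUL byte
    "\x1B[31mred text\x1B[0m",     // ESC-based terminal colour sequence
    "line one\nline two\x7F",      // LF is kept, DEL is removed
    "\t indented \x08\x08 text",   // tab kept, backspaces removed
];

foreach ($samples as $s) {
    printf("%-32s => %s\n", json_encode($s), json_encode(stripControlChars($s)));
    // strict mode also drops the LF in sample 3 and the tab in sample 4
    printf("%-32s => %s (strict)\n", '', json_encode(stripControlChars($s, false)));
}
```

Applying this once at the service-layer methods the thread identifies (where the text is stored, not where it is rendered) means every view of the stored comment, status or message gets the cleaned value.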
UTAN
UTAN Mar 3 '17
@Alexander Hu, 


I have the code that fixes it... the problem is that I want to use the method/function that the Oxwall devs are using;

 there must be a function that is being used to sanitize user input somewhere,


instead of me going and patching every file where user input is used, that's the function that needs to be patched.


 Regards.

Alexander Hu
Alexander Hu Mar 3 '17
Well, there is not only ONE file where the input needs to be sanitized...
I've been stumbling at least over 2 files where input is handled.
(and there might be more)
UTAN
UTAN Mar 3 '17
Yeah, I have found some of them, as you can see above.


 But as a matter of fact this is redundant, since the devs used a method to do cleaning in every file required to be sanitized, but where is it?


The heading in the mail system is vulnerable; I can't find where it needs to be cleaned.


 Where are the devs here? No more support?