smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 18:04:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rewrote the mailto function to not use eval when encoding with javascript

Browse Source 
(cherry picked from commit c7576eb1a1)
This commit is contained in:
Simon Wisselink
2022-01-09 23:15:25 +01:00
parent 9ffca4a093
commit 457284283a
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased] ## [Unreleased]
### Security
- Rewrote the mailto function to not use `eval` when encoding with javascript
## [3.1.40] - 2021-10-13 ## [3.1.40] - 2021-10-13
### Changed ### Changed

11
libs/plugins/function.mailto.php
View File

@@ -94,22 +94,19 @@ function smarty_function_mailto($params)
); );
return; return;
} }
// FIXME: (rodneyrehm) document.write() excues me what? 1998 has passed!
if ($encode === 'javascript') { if ($encode === 'javascript') {
$string = 'document.write(\'<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>\');'; $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
$js_encode = ''; $js_encode = '';
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) { for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$js_encode .= '%' . bin2hex($string[ $x ]); $js_encode .= '%' . bin2hex($string[ $x ]);
} }
return '<script type="text/javascript">eval(unescape(\'' . $js_encode . '\'))</script>'; return '<script type="text/javascript">document.write(unescape(\'' . $js_encode . '\'))</script>';
} elseif ($encode === 'javascript_charcode') { } elseif ($encode === 'javascript_charcode') {
$string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>'; $string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
for ($x = 0, $y = strlen($string); $x < $y; $x++) { for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
$ord[] = ord($string[ $x ]); $ord[] = ord($string[ $x ]);
} }
$_ret = "<script type=\"text/javascript\" language=\"javascript\">\n" . "{document.write(String.fromCharCode(" . return '<script type="text/javascript">document.write(String.fromCharCode(' . implode(',', $ord) . '))</script>';
implode(',', $ord) . "))" . "}\n" . "</script>\n";
return $_ret;
} elseif ($encode === 'hex') { } elseif ($encode === 'hex') {
preg_match('!^(.*)(\?.*)$!', $address, $match); preg_match('!^(.*)(\?.*)$!', $address, $match);
if (!empty($match[ 2 ])) { if (!empty($match[ 2 ])) {