Merge pull request #147 from open-qhm/fix-CVE-2022-36350

XSS脆弱性を修正
open-qhm · Sep 8, 2022 · a30c032 · a30c032
2 parents 227f1bb + 29e9ae9
commit a30c032
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 8 deletions.
diff --git a/default.ini.php b/default.ini.php
@@ -1,8 +1,8 @@
 <?php
 // PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: default.ini.php,v 1.25 2005/12/20 14:04:40 henoheno Exp $
-// Copyright (C)
-//   2003-2005 PukiWiki Developers Team
+// default.ini.php - CVE-2022-36350 version for PukiWiki 1.4.7-1.5.1
+// Copyright
+//   2003-2022 PukiWiki Development Team
 //   2001-2002 Originally written by yu-ji
 // License: GPL v2 or (at your option) any later version
 //
@@ -111,10 +111,13 @@
 /////////////////////////////////////////////////
 // ユーザ定義ルール(コンバート時に置換)
 $line_rules = array(
-	'COLOR\(([^\(\)]*)\){([^}]*)}'	=> '<span style="color:$1">$2</span>',
-	'SIZE\(([^\(\)]*)\){([^}]*)}'	=> '<span style="font-size:$1px">$2</span>',
-	'COLOR\(([^\(\)]*)\):((?:(?!COLOR\([^\)]+\)\:).)*)'	=> '<span style="color:$1">$2</span>',
-	'SIZE\(([^\(\)]*)\):((?:(?!SIZE\([^\)]+\)\:).)*)'	=> '<span class="size$1">$2</span>',
+	'COLOR\(((?:[a-zA-Z]{1,20})|(?:#[0-9a-fA-F]{3,6}))\){([^}]*)}'
+		=> '<span style="color:$1">$2</span>',
+	'SIZE\((\d{1,2})\){([^}]*)}' => '<span style="font-size:$1px">$2</span>',
+	'COLOR\(((?:[a-zA-Z]{1,20})|(?:#[0-9a-fA-F]{3,6}))\):((?:(?!COLOR\([^\)]+\)\:).)*)'
+		=> '<span style="color:$1">$2</span>',
+	// "SIZE(n):" PukiWiki 1.3 compatible notation
+	'SIZE\(([1-7])\):((?:(?!SIZE\([^\)]+\)\:).)*)' => '<span class="size$1">$2</span>',
 	'%%%(?!%)((?:(?!%%%).)*)%%%'	=> '<ins>$1</ins>',
 	'%%(?!%)((?:(?!%%).)*)%%'	=> '<del>$1</del>',
 	"'''(?!')((?:(?!''').)*)'''"	=> '<em>$1</em>',

diff --git a/lib/init.php b/lib/init.php
@@ -11,7 +11,7 @@
 // PukiWiki version / Copyright / Licence
 
 define('S_VERSION', '1.4.7');
-define('QHM_VERSION', '7.6.0');  //絶対に編集しないで下さい
+define('QHM_VERSION', '7.6.1');  //絶対に編集しないで下さい
 define('QHM_OPTIONS', 'update=download; support=false; banner=true');
 define('S_COPYRIGHT',
 	'powered by <strong><a href="https://haik-cms.jp/">HAIK</a> ' . QHM_VERSION . '</strong><br />' .