Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v
diff -u -N -r1.189.2.153 -r1.189.2.154
--- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl	23 Oct 2022 18:19:55 -0000	1.189.2.153
+++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl	7 Nov 2022 13:34:34 -0000	1.189.2.154
@@ -891,6 +891,7 @@
     return $export_string
 }
+
 ad_proc -private export_vars_sign {
     {-params ""}
     value
@@ -3599,6 +3600,44 @@
     return $external_url_p
 }
+ad_proc util::potentially_unsafe_eval_p { -warn:boolean string } {
+
+    Check content of the string to identify potentially unsafe content
+    in the provided string. The content is unsafe, when it contains
+    externally provided content, which might be provided e.g. via
+    query variables, or via user values stored in the database. When
+    such content contains square braces, a "subst" command on
+    theses can evaluate arbitrary commands, which is dangerous.
+
+} {
+    set unsafe_p 0
+    set original_string $string
+    while {1} {
+        set p [string first \[ $string ]
+        if {$p > 0} {
+            set previous_char [string range $string $p-1 $p-1]
+            set string [string range $string $p+1 end]
+            if {$previous_char eq "\\"} {
+                continue
+            }
+        }
+        if {$p < 0 || [string length $string] < 2} {
+            break
+        }
+        set unsafe_p 1
+        if {$warn_p} {
+            ad_log warning "potentially unsafe eval on '$original_string'"
+        }
+    }
+    return $unsafe_p
+}
+
+# potential test cases
+#util::potentially_unsafe_eval_p 123
+#util::potentially_unsafe_eval_p {123[aaa}
+#util::potentially_unsafe_eval_p {123\[aaa}
+#util::potentially_unsafe_eval_p {123\[aaa[567}
+
 ad_proc -public ad_job {
     {-queue jobs}
     {-timeout ""}
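Review bot: A string whose first character is `[` makes the new `util::potentially_unsafe_eval_p` loop forever: with `p` equal to 0 the `if {$p > 0}` branch never advances past the bracket, the `$p < 0 || [string length $string] < 2` check does not break for any remaining length of 2 or more, and `string first` then returns 0 again on every iteration (with `-warn` that also emits one log line per iteration). Since the proc is documented as running on externally provided content such as query variables, a request carrying such a value would hang instead of being flagged. Changing the guard to `if {$p >= 0} {` appears sufficient: for `p` of 0, `string range $string $p-1 $p-1` should yield the empty string, which is not a backslash, so the bracket is counted and the remainder is examined as for any other position. The commented-out test cases at the end of the hunk all start with a digit; one like `util::potentially_unsafe_eval_p {[aaa}` would cover this, and those cases would serve better as real assertions in the package test suite than as comments.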