<% '**************************************************************************************** '** Copyright Notice '** '** Web Wiz Guide - Web Wiz Forums '** '** Copyright 2001-2004 Bruce Corkhill All Rights Reserved. '** '** This program is free software; you can modify (at your own risk) any part of it '** under the terms of the License that accompanies this software and use it both '** privately and commercially. '** '** All copyright notices must remain in tacked in the scripts and the '** outputted HTML. '** '** You may use parts of this program in your own private work, but you may NOT '** redistribute, repackage, or sell the whole or any part of this program even '** if it is modified or reverse engineered in whole or in part without express '** permission from the author. '** '** You may not pass the whole or any part of this application off as your own work. '** '** All links to Web Wiz Guide and powered by logo's must remain unchanged and in place '** and must remain visible when the pages are viewed unless permission is first granted '** by the copyright holder. '** '** This program is distributed in the hope that it will be useful, '** but WITHOUT ANY WARRANTY; without even the implied warranty of '** MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR ANY OTHER '** WARRANTIES WHETHER EXPRESSED OR IMPLIED. '** '** You should have received a copy of the License along with this program; '** if not, write to:- Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom. '** '** '** No official support is available for this program but you may post support questions at: - '** http://www.webwizguide.info/forum '** '** Support questions are NOT answered by e-mail ever! '** '** For correspondence or non support questions contact: - '** info@webwizguide.info '** '** or at: - '** '** Web Wiz Guide, PO Box 4982, Bournemouth, BH8 8XP, United Kingdom '** '**************************************************************************************** '********************************************** '*** Check HTML input for malicious code ***** '********************************************** 'Check images function Private Function checkHTML(ByVal strMessageInput) Dim strTempHTMLMessage 'Temporary message store Dim lngMessagePosition 'Holds the message position Dim intHTMLTagLength 'Holds the length of the HTML tags Dim strHTMLMessage 'Holds the HTML message Dim strTempMessageInput 'Temp store for the message input Dim lngLoopCounter 'Loop counter 'Include the array of disallowed HTML tags %><% 'Strip scripting strMessageInput = Replace(strMessageInput, "", "", 1, -1, 1) 'Strip dodgy styles strMessageInput = Replace(strMessageInput, "", 1) - lngMessagePosition) 'Place the HTML tag back into the temporary message store strHTMLMessage = Mid(strMessageInput, lngMessagePosition, intHTMLTagLength + 1) 'Place the HTML tag into a temporay variable store to be stripped of malcious code strTempHTMLMessage = strHTMLMessage '***** Filter Hyperlinks ***** 'If this is an hyperlink tag then check it for malicious code If InStr(1, strTempHTMLMessage, "href", 1) <> 0 Then 'Turn < and > into forum codes so they aren't stripped when checking links strTempHTMLMessage = Replace(strTempHTMLMessage, "<", "**/**", 1, -1, 1) strTempHTMLMessage = Replace(strTempHTMLMessage, ">", "**\**", 1, -1, 1) 'Call the format link function to strip malicious codes strTempHTMLMessage = formatLink(strTempHTMLMessage) 'Turn **/** and **\** back from forum codes strTempHTMLMessage = Replace(strTempHTMLMessage, "**/**", "<", 1, -1, 1) strTempHTMLMessage = Replace(strTempHTMLMessage, "**\**", ">", 1, -1, 1) 'Format link tag strTempHTMLMessage = Replace(strTempHTMLMessage, ">", " target=""_blank"">", 1, -1, 1) End If '***** Filter Image Tags ***** 'If this is an Image tag then check it for malicious code If InStr(1, strTempHTMLMessage, "img", 1) <> 0 AND InStr(1, strTempHTMLMessage, "src", 1) <> 0 Then 'Turn < and > into forum codes so they aren't stripped when checking links strTempHTMLMessage = Replace(strTempHTMLMessage, "<", "**/**", 1, -1, 1) strTempHTMLMessage = Replace(strTempHTMLMessage, ">", "**\**", 1, -1, 1) 'Call the check images function to strip malicious codes strTempHTMLMessage = checkImages(strTempHTMLMessage) 'Turn **/** and **\** back from forum codes strTempHTMLMessage = Replace(strTempHTMLMessage, "**/**", "<", 1, -1, 1) strTempHTMLMessage = Replace(strTempHTMLMessage, "**\**", ">", 1, -1, 1) 'Format image tag strTempHTMLMessage = Replace(strTempHTMLMessage, ">", " border=""0"">", 1, -1, 1) End If '***** Filter Unwanted HTML Tags ***** 'If this is not an image or a link then cut all unwanted HTML out of the HTML tag If InStr(1, strTempHTMLMessage, "href", 1) = 0 AND InStr(1, strTempHTMLMessage, "img", 1) = 0 Then 'Loop through the array of disallowed HTML tags For lngLoopCounter = LBound(saryHTMLtags) To UBound(saryHTMLtags) strTempHTMLMessage = Replace(strTempHTMLMessage, saryHTMLtags(lngLoopCounter), "", 1, -1, 1) Next End If '***** Format Unwanted HTML Tags ***** 'Strip out malicious code from the HTML that may have not been stripped but trying to sneak through in a hyperlink or image src strTempHTMLMessage = formatInput(strTempHTMLMessage) 'Place the new fromatted HTML tag back into the message post strTempMessageInput = Replace(strTempMessageInput, strHTMLMessage, strTempHTMLMessage, 1, -1, 1) End If Next 'Return the function checkHTML = strTempMessageInput End Function '****************************************** '*** Check Images for malicious code ***** '****************************************** 'Check images function Private Function checkImages(ByVal strInputEntry) Dim strImageFileExtension 'Holds the file extension of the image Dim saryImageTypes 'Array holding allowed image types in the forum Dim intExtensionLoopCounter 'Holds the loop counter for the array Dim blnImageExtOK 'Set to true if the image extension is OK 'If there is no . in the link then there is no extenison and so can't be an image If inStr(1, strInputEntry, ".", 1) = 0 Then strInputEntry = "" 'Else remove malicious code and check the extension is an image extension Else 'Initiliase variables blnImageExtOK = false 'Get the file extension strImageFileExtension = LCase(Mid(strInputEntry, InStrRev(strInputEntry, "."), 4)) 'Get the image types allowed in the forum strImageTypes = strImageTypes & ";gif;jpg;jpe;bmp;png" 'Place the image types into an array saryImageTypes = Split(Trim(strImageTypes), ";") 'Loop through all the allowed extensions and see if the image has one For intExtensionLoopCounter = 0 To UBound(saryImageTypes) 'Reformat extension to check saryImageTypes(intExtensionLoopCounter) = "." & Trim(Mid(saryImageTypes(intExtensionLoopCounter), 1, 3)) 'Check to see if the image extension is allowed If saryImageTypes(intExtensionLoopCounter) = strImageFileExtension Then blnImageExtOK = true Next 'If the image extension is not OK then strip it from the image link If blnImageExtOK = false Then strInputEntry = Replace(strInputEntry, strImageFileExtension, "", 1, -1, 1) 'Call the format link function to strip malicious codes strInputEntry = formatLink(strInputEntry) 'Chop out any querystring question marks that maybe in the image link strInputEntry = Replace(strInputEntry, "?", "", 1, -1, 1) End If 'Return checkImages = strInputEntry End Function '******************************************** '*** Format Links ***** '******************************************** 'Format links funtion Private Function formatLink(ByVal strInputEntry) 'Remove malisous charcters from links and images strInputEntry = Replace(strInputEntry, "document.cookie", ".", 1, -1, 1) strInputEntry = Replace(strInputEntry, "javascript:", "javascript ", 1, -1, 1) strInputEntry = Replace(strInputEntry, "vbscript:", "vbscript ", 1, -1, 1) strInputEntry = Replace(strInputEntry, "javascript :", "javascript ", 1, -1, 1) strInputEntry = Replace(strInputEntry, "vbscript :", "vbscript ", 1, -1, 1) strInputEntry = Replace(strInputEntry, "[", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, "]", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, "(", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, ")", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, "{", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, "}", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, "<", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, ">", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, "|", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, "script", "script", 1, -1, 0) strInputEntry = Replace(strInputEntry, "SCRIPT", "SCRIPT", 1, -1, 0) strInputEntry = Replace(strInputEntry, "Script", "Script", 1, -1, 0) strInputEntry = Replace(strInputEntry, "script", "Script", 1, -1, 1) strInputEntry = Replace(strInputEntry, "object", "object", 1, -1, 0) strInputEntry = Replace(strInputEntry, "OBJECT", "OBJECT", 1, -1, 0) strInputEntry = Replace(strInputEntry, "Object", "Object", 1, -1, 0) strInputEntry = Replace(strInputEntry, "object", "Object", 1, -1, 1) strInputEntry = Replace(strInputEntry, "applet", "applet", 1, -1, 0) strInputEntry = Replace(strInputEntry, "APPLET", "APPLET", 1, -1, 0) strInputEntry = Replace(strInputEntry, "Applet", "Applet", 1, -1, 0) strInputEntry = Replace(strInputEntry, "applet", "Applet", 1, -1, 1) strInputEntry = Replace(strInputEntry, "embed", "embed", 1, -1, 0) strInputEntry = Replace(strInputEntry, "EMBED", "EMBED", 1, -1, 0) strInputEntry = Replace(strInputEntry, "Embed", "Embed", 1, -1, 0) strInputEntry = Replace(strInputEntry, "embed", "Embed", 1, -1, 1) strInputEntry = Replace(strInputEntry, "document", "document", 1, -1, 0) strInputEntry = Replace(strInputEntry, "DOCUMENT", "DOCUMENT", 1, -1, 0) strInputEntry = Replace(strInputEntry, "Document", "Document", 1, -1, 0) strInputEntry = Replace(strInputEntry, "document", "Document", 1, -1, 1) strInputEntry = Replace(strInputEntry, "cookie", "cookie", 1, -1, 0) strInputEntry = Replace(strInputEntry, "COOKIE", "COOKIE", 1, -1, 0) strInputEntry = Replace(strInputEntry, "Cookie", "Cookie", 1, -1, 0) strInputEntry = Replace(strInputEntry, "cookie", "Cookie", 1, -1, 1) strInputEntry = Replace(strInputEntry, "event", "event", 1, -1, 0) strInputEntry = Replace(strInputEntry, "EVENT", "EVENT", 1, -1, 0) strInputEntry = Replace(strInputEntry, "Event", "Event", 1, -1, 0) strInputEntry = Replace(strInputEntry, "event", "Event", 1, -1, 1) strInputEntry = Replace(strInputEntry, "on", "on", 1, -1, 0) strInputEntry = Replace(strInputEntry, "ON", "ON", 1, -1, 0) strInputEntry = Replace(strInputEntry, "On", "On", 1, -1, 0) strInputEntry = Replace(strInputEntry, "on", "on", 1, -1, 1) strInputEntry = Replace(strInputEntry, "LINK", "LINK", 1, -1, 0) strInputEntry = Replace(strInputEntry, "Link", "Link", 1, -1, 0) strInputEntry = Replace(strInputEntry, "link", "link", 1, -1, 1) 'Return formatLink = strInputEntry End Function '****************************************** '*** Format user input ***** '****************************************** 'Format user input function Private Function formatInput(ByVal strInputEntry) 'Get rid of malicous code in the message strInputEntry = Replace(strInputEntry, "", "", 1, -1, 1) strInputEntry = Replace(strInputEntry, "