From c6ba7de4300185a678c3b6a6d066fb77c6a698a7 Mon Sep 17 00:00:00 2001
From: haoouba <2323333339@qq.com>
Date: Mon, 15 Mar 2021 22:29:33 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 core/function.php | 2 +-
 core/parse.php | 44 +++++++++++++++++++++++++++++++-------------
 package.json | 2 +-
 3 files changed, 33 insertions(+), 15 deletions(-)

diff --git a/core/function.php b/core/function.php
index 3dc0671..4935464 100644
--- a/core/function.php
+++ b/core/function.php
@@ -2,7 +2,7 @@
 /* 获取主题当前版本号 */
 function _getVersion()
 {
- return "6.0.5";
+ return "6.0.6";
 };
 
 /* 判断是否是手机 */
diff --git a/core/parse.php b/core/parse.php
index ab7665d..8566401 100644
--- a/core/parse.php
+++ b/core/parse.php
@@ -3,15 +3,34 @@
 /* 过滤短代码 */
 require_once('short.php');
 
+function _checkXSS($text)
+{
+ $isXss = false;
+ $list = array(
+ '([\x00-\x08,\x0b-\x0c,\x0e-\x19])', 'script', 'javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'embed', 'object', 'frame', 'layer', 'title', 'bgsound', 'onload', 'onunload', 'onchange', 'onsubmit', 'onreset', 'onselect', 'onblur', 'onfocus',
+ 'onabort', 'onkeydown', 'onkeypress', 'onkeyup', 'onclick', 'ondblclick', 'onmousedown', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onunload'
+ );
+ if (strip_tags($text)) {
+ for ($i = 0; $i < count($list); $i++) {
+ if (strpos($text, $list[$i]) !== false) {
+ $isXss = true;
+ break;
+ }
+ }
+ } else {
+ $isXss = true;
+ };
+ return $isXss;
+}
 /* 过滤评论回复 */
 function _parseCommentReply($text)
 {
- if (strip_tags($text)) {
- $text = _parseReply($text);
- $text = preg_replace('/\{!{(.*?)\}!}/', '画图', $text);
- echo $text;
- } else {
+ if (_checkXSS($text)) {
 echo "该回复疑似异常,已被系统拦截!";
+ } else {
+ $text = _parseReply($text);
+ echo preg_replace('/\{!{(.*?)\}!}/', '画图', $text);
 }
 }
 
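Review bot: `_checkXSS` compares every list entry as a case-sensitive plain substring with `strpos`, so it rejects ordinary replies (`link`, `style`, `title`, `frame`, `layer`, `meta` and `xml` hit words such as "linked", "player" or "metadata", and the reply is then replaced by the interception message) while missing trivially different spellings such as mixed case, and the first entry `'([\x00-\x08,\x0b-\x0c,\x0e-\x19])'` is a regex pattern that `strpos` only ever compares literally, so the control-character check never fires; `'onunload'` is also listed twice. Matching whole words case-insensitively with one `preg_match`, and the control characters with a second, removes the false positives and the dead entry, but a keyword denylist still cannot be the XSS defence: the text handed to `_parseReply` and echoed should still be HTML-escaped at output, and whether `_parseReply` does that is outside this hunk. The same helper guards `_parseLeavingReply` and `_parseAsideReply` in the next hunk, so the false positives apply there too. The `};` after the `if`/`else` is an empty statement and can be dropped.
```php
function _checkXSS($text)
{
    // Reject empty / tag-only input, as before.
    if (!strip_tags($text)) {
        return true;
    }
    // Control characters other than \t, \n and \r never belong in a reply (same range as the original entry).
    if (preg_match('/[\x00-\x08\x0b\x0c\x0e-\x19]/', $text) !== 0) {
        return true;
    }
    $list = array(
        // … unchanged: keyword list, minus the regex-looking first entry and the duplicate 'onunload' …
    );
    $words = implode('|', array_map(static function ($w) { return preg_quote($w, '/'); }, $list));
    // Whole-word, case-insensitive match; a PCRE error (false) counts as suspicious rather than being ignored.
    return preg_match('/\b(?:' . $words . ')\b/i', $text) !== 0;
}
```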
@@ -38,26 +57,25 @@ function _parseReply($text)
 /* 格式化留言回复 */
 function _parseLeavingReply($text)
 {
- if (strip_tags($text)) {
+ if (_checkXSS($text)) {
+ echo "该回复疑似异常,已被系统拦截!";
+ } else {
 $text = strip_tags($text);
 $text = _parseReply($text);
- $text = preg_replace('/\{!\{(.*?)\}!\}/', '画图', $text);
- echo $text;
- } else {
- echo "该回复疑似异常,已被系统拦截!";
+ echo preg_replace('/\{!\{(.*?)\}!\}/', '画图', $text);
 }
 }
 
 /* 格式化侧边栏回复 */
 function _parseAsideReply($text, $type = true)
 {
- if (strip_tags($text)) {
+ if (_checkXSS($text)) {
+ echo "该回复疑似异常,已被系统拦截!";
+ } else {
 $text = strip_tags($text);
 $text = preg_replace('~{!{.*~', '# 图片回复', $text);
 if ($type) echo _parseReply($text);
 else echo $text;
- } else {
- echo "该回复疑似异常,已被系统拦截!";
 }
 }
 
diff --git a/package.json b/package.json
index 9fa772a..e312870 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "typecho-joe-next",
- "version": "6.0.5",
+ "version": "6.0.6",
 "description": "A Theme Of Typecho",
 "main": "index.php",
 "keywords": [
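Review bot: In both `_parseLeavingReply` and `_parseAsideReply` the new `if (_checkXSS($text))` puts the rejection message in the `if` branch and nests the entire normal path under `else`; a guard clause reads more directly and drops one indent level: `if (_checkXSS($text)) { echo "该回复疑似异常,已被系统拦截!"; return; }` followed by the existing body at function level. The same interception string now appears three times in this file (also in `_parseCommentReply` in the previous hunk), so a single constant or a small helper would keep the wording in one place. In `_parseAsideReply` the brace-less `if ($type) echo _parseReply($text); else echo $text;` is pre-existing but could become `echo $type ? _parseReply($text) : $text;` while the function is being touched.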