修正撰写文章添加标签时可能出现的非法字符

修正cookie对数组的过滤不严

var/Typecho/Common.php

@@ -635,12 +635,12 @@ EOF;
     {
         //~ 针对location的xss过滤, 因为其特殊性无法使用removeXSS函数
         //~ fix issue 66
-        $params = parse_url(str_replace(array("\r", "\n"), '', $url));
+        $params = parse_url(str_replace(array("\r", "\n", "\t", ' '), '', $url));
 
         /** 禁止非法的协议跳转 */
         if (isset($params['scheme'])) {
             if (!in_array($params['scheme'], array('http', 'https'))) {
-                return;
+                return '/';
             }
         }
 
@@ -904,7 +904,7 @@ EOF;
      *
      * @access public
      * @param integer $length 字符串长度
-     * @param string $specialChars 是否有特殊字符
+     * @param boolean $specialChars 是否有特殊字符
      * @return string
      */
     public static function randString($length, $specialChars = false)

var/Typecho/Cookie.php

@@ -54,7 +54,7 @@ class Typecho_Cookie
      * 获取前缀 
      * 
      * @access public
-     * @return void
+     * @return string
      */
     public static function getPrefix()
     {
@@ -73,7 +73,7 @@ class Typecho_Cookie
     {
         $key = self::$_prefix . $key;
         $value = isset($_COOKIE[$key]) ? $_COOKIE[$key] : (isset($_POST[$key]) ? $_POST[$key] : $default);
-        return $value;
+        return is_array($value) ? $default : $value;
     }
 
     /**
@@ -88,16 +88,7 @@ class Typecho_Cookie
     public static function set($key, $value, $expire = 0)
     {
         $key = self::$_prefix . $key;
-
-        /** 对数组型COOKIE的写入支持 */
-        if (is_array($value)) {
-            foreach ($value as $name => $val) {
-                setrawcookie("{$key}[{$name}]", rawurlencode($val), $expire, self::$_path);
-            }
-        } else {
-            setrawcookie($key, rawurlencode($value), $expire, self::$_path);
-        }
-        
+        setrawcookie($key, rawurlencode($value), $expire, self::$_path);
         $_COOKIE[$key] = $value;
     }
 
@@ -115,15 +106,7 @@ class Typecho_Cookie
             return;
         }
 
-        /** 对数组型COOKIE的删除支持 */
-        if (is_array($_COOKIE[$key])) {
-            foreach ($_COOKIE[$key] as $name => $val) {
-                setcookie("{$key}[{$name}]", '', time() - 2592000, self::$_path);
-            }
-        } else {
-            setcookie($key, '', time() - 2592000, self::$_path);
-        }
-
+        setcookie($key, '', time() - 2592000, self::$_path);
         unset($_COOKIE[$key]);
     }
 }

var/Typecho/Request.php

@@ -12,7 +12,6 @@ define('__TYPECHO_FILTER_SUPPORTED__', function_exists('filter_var'));
 /**
  * 服务器请求处理类
  *
- * TODO getSiteUrl
  * @package Request
  */
 class Typecho_Request
@@ -25,13 +24,6 @@ class Typecho_Request
      */
     private $_params = array();
 
-    /**
-     * 参数是否已经处理过
-     *
-     * @var bool
-     */
-    private $_paramsParsed = false;
-
     /**
      * 路径信息
      *

var/Typecho/Validate.php

@@ -144,7 +144,7 @@ class Typecho_Validate
      * @param integer $length 最小长度
      * @return boolean
      */
-    public function minLength($str, $length)
+    public static function minLength($str, $length)
     {
         return (Typecho_Common::strLen($str) >= $length);
     }
@@ -182,7 +182,7 @@ class Typecho_Validate
      * @param array $params 枚举值
      * @return unknown
      */
-    public function enum($str, array $params)
+    public static function enum($str, array $params)
     {
         $keys = array_flip($params);
         return isset($keys[$str]);
@@ -191,11 +191,11 @@ class Typecho_Validate
     /**
      * Max Length
      *
-     * @access public
-     * @param string
-     * @return boolean
+     * @param $str
+     * @param $length
+     * @return bool
      */
-    public function maxLength($str, $length)
+    public static function maxLength($str, $length)
     {
         return (Typecho_Common::strLen($str) < $length);
     }
@@ -207,7 +207,7 @@ class Typecho_Validate
      * @param string
      * @return boolean
      */
-    public function email($str)
+    public static function email($str)
     {
         return preg_match("/^[_a-z0-9-\.]+@([-a-z0-9]+\.)+[a-z]{2,}$/i", $str);
     }
@@ -219,7 +219,7 @@ class Typecho_Validate
      * @param string $str
      * @return boolean
      */
-    public function url($str)
+    public static function url($str)
     {
         $parts = @parse_url($str);
         if (!$parts) {
@@ -238,7 +238,7 @@ class Typecho_Validate
      * @param string
      * @return boolean
      */
-    public function alpha($str)
+    public static function alpha($str)
     {
         return preg_match("/^([a-z])+$/i", $str) ? true : false;
     }
@@ -250,7 +250,7 @@ class Typecho_Validate
      * @param string
      * @return boolean
      */
-    public function alphaNumeric($str)
+    public static function alphaNumeric($str)
     {
         return preg_match("/^([a-z0-9])+$/i", $str);
     }
@@ -262,7 +262,7 @@ class Typecho_Validate
      * @param string
      * @return boolean
      */
-    public function alphaDash($str)
+    public static function alphaDash($str)
     {
         return preg_match("/^([_a-z0-9-])+$/i", $str) ? true : false;
     }
@@ -274,7 +274,7 @@ class Typecho_Validate
      * @param string $str
      * @return boolean
      */
-    public function xssCheck($str)
+    public static function xssCheck($str)
     {
         $search = 'abcdefghijklmnopqrstuvwxyz';
         $search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
@@ -291,7 +291,7 @@ class Typecho_Validate
             $str = preg_replace('/(&#0{0,8}'.ord($search[$i]).';?)/', $search[$i], $str); // with a ;
         }
 
-        return !preg_match('/(\(|\)|\\\|"|<|>|[\x00-\x08]|[\x0b-\x0c]|[\x0e-\x19])/', $str);
+        return !preg_match('/(\(|\)|\\\|"|<|>|[\x00-\x08]|[\x0b-\x0c]|[\x0e-\x19]|' . "\r|\n|\t" . ')/', $str);
     }
 
     /**
@@ -301,9 +301,9 @@ class Typecho_Validate
      * @param integer
      * @return boolean
      */
-    public function isFloat($str)
+    public static function isFloat($str)
     {
-        return ereg("^[0-9\.]+$", $str);
+        return preg_match("/^[0-9\.]+$/", $str);
     }
 
     /**
@@ -313,7 +313,7 @@ class Typecho_Validate
      * @param string
      * @return boolean
      */
-    public function isInteger($str)
+    public static function isInteger($str)
     {
         return is_numeric($str);
     }

var/Widget/Contents/Post/Edit.php

@@ -589,6 +589,7 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg
     {
         $tags = str_replace('，', ',', $tags);
         $tags = array_unique(array_map('trim', explode(',', $tags)));
+        $tags = array_filter($tags, array('Typecho_Validate', 'xssCheck'));
 
         /** 取出已有tag */
         $existTags = Typecho_Common::arrayFlatten($this->db->fetchAll(
@@ -601,6 +602,10 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg
         /** 删除已有tag */
         if ($existTags) {
             foreach ($existTags as $tag) {
+                if (0 == strlen($tag)) {
+                    continue;
+                }
+
                 $this->db->query($this->db->delete('table.relationships')
                 ->where('cid = ?', $cid)
                 ->where('mid = ?', $tag));
@@ -619,6 +624,10 @@ class Widget_Contents_Post_Edit extends Widget_Abstract_Contents implements Widg
         /** 插入tag */
         if ($insertTags) {
             foreach ($insertTags as $tag) {
+                if (0 == strlen($tag)) {
+                    continue;
+                }
+
                 $this->db->query($this->db->insert('table.relationships')
                 ->rows(array(
                     'mid'  =>   $tag,

var/Widget/Metas/Tag/Edit.php

@@ -267,7 +267,7 @@ class Widget_Metas_Tag_Edit extends Widget_Abstract_Metas implements Widget_Inte
      */
     public function deleteTag()
     {
-        $tags = $this->request->filter('int')->mid;
+        $tags = $this->request->filter('int')->getArray('mid');
         $deleteCount = 0;
 
         if ($tags && is_array($tags)) {