Commit 1e232fff authored by Till Brehm's avatar Till Brehm

Fixed #4893 Stored XSS issue in email name field

parent 42cfa6e7
......@@ -179,6 +179,7 @@ class listform {
&& $k == $_SESSION['search'][$list_name][$search_prefix.$field]
&& $_SESSION['search'][$list_name][$search_prefix.$field] != '')
? ' SELECTED' : '';
$v = $app->functions->htmlentities($v);
$out .= "<option value='$k'$selected>$v</option>\r\n";
}
}
......@@ -610,17 +611,8 @@ class listform {
}
function escapeArrayValues($search_values) {
global $conf;
$out = array();
if(is_array($search_values)) {
foreach($search_values as $key => $val) {
$out[$key] = htmlentities($val, ENT_QUOTES, $conf["html_content_encoding"]);
}
}
return $out;
global $app;
return $app->functions->htmlentities($search_values);
}
}
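Review bot: escapeArrayValues drops the explicit `ENT_QUOTES` and `$conf["html_content_encoding"]` arguments the removed loop passed to htmlentities, and whether `$app->functions->htmlentities()` supplies them is not visible here; with PHP's default flags (`ENT_COMPAT` before 8.1) a single quote survives, which matters because the option markup in this same file places values inside single-quoted attributes (`value='$k'`). The removed implementation also returned an empty array for non-array input, whereas the new one returns whatever the wrapper returns for a scalar, so callers that iterate the result may now receive a string. Consider keeping the guard, `if(!is_array($search_values)) return array();`, ahead of the return, and recording the dependency in a comment such as `// relies on functions->htmlentities() applying ENT_QUOTES and html_content_encoding`. Note that `$k` in the first hunk is still interpolated raw into the `value` attribute; if those keys can originate from database rows rather than form definitions they need escaping too.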
......
......@@ -243,7 +243,8 @@ class quota_lib {
if(is_array($emails) && !empty($emails)){
for($i=0;$i<sizeof($emails);$i++){
$email = $emails[$i]['email'];
$emails[$i]['name'] = $app->functions->htmlentities($emails[$i]['name']);
$emails[$i]['used'] = isset($monitor_data[$email]['used']) ? $monitor_data[$email]['used'] : array(1 => 0);
if (!is_numeric($emails[$i]['used'])) $emails[$i]['used']=$emails[$i]['used'][1];
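Review bot: The entity encoding on the `name` line is applied to the data array rather than at the point of HTML output, so every consumer of `$emails` now receives a pre-encoded name; if this array also feeds non-HTML output (a JSON response, a quota notification mail) those paths will show literal `&amp;`/`&lt;` — the callers are not visible from the hunk, so please confirm. If all consumers are HTML templates, a comment makes the contract durable: `// name is entity-encoded here for HTML output; templates must not encode it again`. The enclosing loop and function begin outside the hunk.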
......
......@@ -475,6 +475,7 @@ class tform_base {
$selected = ($k == $val)?' SELECTED':'';
if(isset($this->wordbook[$v]))
$v = $this->wordbook[$v];
$v = $app->functions->htmlentities($v);
$out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
}
}
......@@ -494,7 +495,7 @@ class tform_base {
foreach($vals as $tvl) {
if(trim($tvl) == trim($k)) $selected = ' SELECTED';
}
$v = $app->functions->htmlentities($v);
$out .= "<option value='$k'$selected>$v</option>\r\n";
}
}
......@@ -577,7 +578,7 @@ class tform_base {
default:
if(isset($record[$key])) {
$new_record[$key] = htmlspecialchars($record[$key]);
$new_record[$key] = $app->functions->htmlentities($record[$key]);
} else {
$new_record[$key] = '';
}
......@@ -608,7 +609,8 @@ class tform_base {
$out = '';
foreach($field['value'] as $k => $v) {
$selected = ($k == $field["default"])?' SELECTED':'';
$out .= "<option value='$k'$selected>".$this->lng($v)."</option>\r\n";
$v = $app->functions->htmlentities($this->lng($v));
$out .= "<option value='$k'$selected>".$v."</option>\r\n";
}
}
if(isset($out)) $new_record[$key] = $out;
......@@ -622,7 +624,7 @@ class tform_base {
// HTML schreiben
$out = '';
foreach($field['value'] as $k => $v) {
$v = $app->functions->htmlentities($v);
$out .= "<option value='$k'>$v</option>\r\n";
}
}
......@@ -693,7 +695,7 @@ class tform_base {
break;
default:
$new_record[$key] = htmlspecialchars($field['default']);
$new_record[$key] = $app->functions->htmlentities($field['default']);
}
}
......@@ -911,6 +913,12 @@ class tform_base {
case 'NOWHITESPACE':
$returnval = preg_replace('/\s+/', '', $returnval);
break;
case 'STRIPTAGS':
$returnval = strip_tags(preg_replace('/<script[^>]*>/is', '', $returnval));
break;
case 'STRIPNL':
$returnval = str_replace(array("\n","\r"),'', $returnval);
break;
default:
$this->errorMessage .= "Unknown Filter: ".$filter['type'];
break;
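Review bot: In the `wordbook` hunk the value is run through htmlentities before it is passed to `$this->lng($v)`, while the later hunk in the `$field["default"]` loop escapes after `lng()`; if lng() substitutes a translation, the first ordering emits the translated text unescaped and may also break key lookup for keys containing `&` or quotes. Make the two consistent by escaping the final string in one expression, `$out .= "<option value='$k'$selected>".$app->functions->htmlentities($this->lng($v))."</option>\r\n";`, and drop the preceding `$v = $app->functions->htmlentities($v);` line. Separately, `$k` is still interpolated raw into the single-quoted `value` attribute in every option loop touched here; it is safe only if these keys never come from user-controlled rows, which the hunks do not establish. In the `STRIPTAGS` case the inner `preg_replace` appears redundant, since `strip_tags()` already removes `<script ...>` tags, and `strip_tags` alone is not an XSS defence — the output-side encoding added in the other hunks is the real fix. The enclosing methods start outside the hunks, so whether `global $app;` is in scope for the new `$app->functions` calls cannot be confirmed from this view.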
......
......@@ -144,6 +144,12 @@ $form["tabs"]['mailuser'] = array(
'name' => array (
'datatype' => 'VARCHAR',
'formtype' => 'TEXT',
'filters' => array(
0 => array( 'event' => 'SAVE',
'type' => 'STRIPTAGS'),
1 => array( 'event' => 'SAVE',
'type' => 'STRIPNL')
),
'default' => '',
'value' => '',
'width' => '30',
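Review bot: The `STRIPTAGS` filter on SAVE silently rewrites legitimate input — a display name such as `Jane Doe <Sales>` loses `<Sales>` with no error — and it only runs for records saved through this form after the commit, so rows already stored in the name column, and anything written through other paths such as a remoting API (not visible here), are protected only by the output-side encoding. Since that encoding is the actual fix, consider either dropping `STRIPTAGS` and keeping `STRIPNL`, or replacing it with a validator that rejects `<` and `>` with an error message so the user learns why the value was refused. `STRIPNL` is worth keeping regardless, because a display name is likely used in mail headers where a CR/LF would permit header injection — please confirm that use.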
......