Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
What's new
7
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Open sidebar
Massimiliano
ISPConfig 3
Commits
1e232fff
Commit
1e232fff
authored
Dec 29, 2017
by
Till Brehm
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fixed
#4893
Stored XSS issue in email name field
parent
42cfa6e7
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
24 additions
and
17 deletions
+24
-17
interface/lib/classes/listform.inc.php
interface/lib/classes/listform.inc.php
+3
-11
interface/lib/classes/quota_lib.inc.php
interface/lib/classes/quota_lib.inc.php
+2
-1
interface/lib/classes/tform_base.inc.php
interface/lib/classes/tform_base.inc.php
+13
-5
interface/web/mail/form/mail_user.tform.php
interface/web/mail/form/mail_user.tform.php
+6
-0
No files found.
interface/lib/classes/listform.inc.php
View file @
1e232fff
...
...
@@ -179,6 +179,7 @@ class listform {
&&
$k
==
$_SESSION
[
'search'
][
$list_name
][
$search_prefix
.
$field
]
&&
$_SESSION
[
'search'
][
$list_name
][
$search_prefix
.
$field
]
!=
''
)
?
' SELECTED'
:
''
;
$v
=
$app
->
functions
->
htmlentities
(
$v
);
$out
.
=
"<option value='
$k
'
$selected
>
$v
</option>
\r\n
"
;
}
}
...
...
@@ -610,17 +611,8 @@ class listform {
}
function
escapeArrayValues
(
$search_values
)
{
global
$conf
;
$out
=
array
();
if
(
is_array
(
$search_values
))
{
foreach
(
$search_values
as
$key
=>
$val
)
{
$out
[
$key
]
=
htmlentities
(
$val
,
ENT_QUOTES
,
$conf
[
"html_content_encoding"
]);
}
}
return
$out
;
global
$app
;
return
$app
->
functions
->
htmlentities
(
$search_values
);
}
}
...
...
interface/lib/classes/quota_lib.inc.php
View file @
1e232fff
...
...
@@ -243,7 +243,8 @@ class quota_lib {
if
(
is_array
(
$emails
)
&&
!
empty
(
$emails
)){
for
(
$i
=
0
;
$i
<
sizeof
(
$emails
);
$i
++
){
$email
=
$emails
[
$i
][
'email'
];
$emails
[
$i
][
'name'
]
=
$app
->
functions
->
htmlentities
(
$emails
[
$i
][
'name'
]);
$emails
[
$i
][
'used'
]
=
isset
(
$monitor_data
[
$email
][
'used'
])
?
$monitor_data
[
$email
][
'used'
]
:
array
(
1
=>
0
);
if
(
!
is_numeric
(
$emails
[
$i
][
'used'
]))
$emails
[
$i
][
'used'
]
=
$emails
[
$i
][
'used'
][
1
];
...
...
interface/lib/classes/tform_base.inc.php
View file @
1e232fff
...
...
@@ -475,6 +475,7 @@ class tform_base {
$selected
=
(
$k
==
$val
)
?
' SELECTED'
:
''
;
if
(
isset
(
$this
->
wordbook
[
$v
]))
$v
=
$this
->
wordbook
[
$v
];
$v
=
$app
->
functions
->
htmlentities
(
$v
);
$out
.
=
"<option value='
$k
'
$selected
>"
.
$this
->
lng
(
$v
)
.
"</option>
\r\n
"
;
}
}
...
...
@@ -494,7 +495,7 @@ class tform_base {
foreach
(
$vals
as
$tvl
)
{
if
(
trim
(
$tvl
)
==
trim
(
$k
))
$selected
=
' SELECTED'
;
}
$v
=
$app
->
functions
->
htmlentities
(
$v
);
$out
.
=
"<option value='
$k
'
$selected
>
$v
</option>
\r\n
"
;
}
}
...
...
@@ -577,7 +578,7 @@ class tform_base {
default
:
if
(
isset
(
$record
[
$key
]))
{
$new_record
[
$key
]
=
htmlspecialchar
s
(
$record
[
$key
]);
$new_record
[
$key
]
=
$app
->
functions
->
htmlentitie
s
(
$record
[
$key
]);
}
else
{
$new_record
[
$key
]
=
''
;
}
...
...
@@ -608,7 +609,8 @@ class tform_base {
$out
=
''
;
foreach
(
$field
[
'value'
]
as
$k
=>
$v
)
{
$selected
=
(
$k
==
$field
[
"default"
])
?
' SELECTED'
:
''
;
$out
.
=
"<option value='
$k
'
$selected
>"
.
$this
->
lng
(
$v
)
.
"</option>
\r\n
"
;
$v
=
$app
->
functions
->
htmlentities
(
$this
->
lng
(
$v
));
$out
.
=
"<option value='
$k
'
$selected
>"
.
$v
.
"</option>
\r\n
"
;
}
}
if
(
isset
(
$out
))
$new_record
[
$key
]
=
$out
;
...
...
@@ -622,7 +624,7 @@ class tform_base {
// HTML schreiben
$out
=
''
;
foreach
(
$field
[
'value'
]
as
$k
=>
$v
)
{
$v
=
$app
->
functions
->
htmlentities
(
$v
);
$out
.
=
"<option value='
$k
'>
$v
</option>
\r\n
"
;
}
}
...
...
@@ -693,7 +695,7 @@ class tform_base {
break
;
default
:
$new_record
[
$key
]
=
htmlspecialchar
s
(
$field
[
'default'
]);
$new_record
[
$key
]
=
$app
->
functions
->
htmlentitie
s
(
$field
[
'default'
]);
}
}
...
...
@@ -911,6 +913,12 @@ class tform_base {
case
'NOWHITESPACE'
:
$returnval
=
preg_replace
(
'/\s+/'
,
''
,
$returnval
);
break
;
case
'STRIPTAGS'
:
$returnval
=
strip_tags
(
preg_replace
(
'/<script[^>]*>/is'
,
''
,
$returnval
));
break
;
case
'STRIPNL'
:
$returnval
=
str_replace
(
array
(
"
\n
"
,
"
\r
"
),
''
,
$returnval
);
break
;
default
:
$this
->
errorMessage
.
=
"Unknown Filter: "
.
$filter
[
'type'
];
break
;
...
...
interface/web/mail/form/mail_user.tform.php
View file @
1e232fff
...
...
@@ -144,6 +144,12 @@ $form["tabs"]['mailuser'] = array(
'name'
=>
array
(
'datatype'
=>
'VARCHAR'
,
'formtype'
=>
'TEXT'
,
'filters'
=>
array
(
0
=>
array
(
'event'
=>
'SAVE'
,
'type'
=>
'STRIPTAGS'
),
1
=>
array
(
'event'
=>
'SAVE'
,
'type'
=>
'STRIPNL'
)
),
'default'
=>
''
,
'value'
=>
''
,
'width'
=>
'30'
,
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment