From 5008d8cefe3ffc9000cc10472ca61bf29c2d42f7 Mon Sep 17 00:00:00 2001
From: Marius Burkard
Date: Mon, 1 Jan 2018 16:30:59 +0100
Subject: [PATCH] - further XSS fixes for #4902 (reflected XSS)

---
 interface/lib/app.inc.php | 8 ++++----
 interface/lib/classes/plugin_listview.inc.php | 8 ++++----
 interface/web/client/client_message.php | 6 +++---
 interface/web/dns/dns_wizard.php | 2 +-
 interface/web/index.php | 4 ++--
 interface/web/login/index.php | 2 +-
 interface/web/login/password_reset.php | 2 +-
 interface/web/sites/web_childdomain_list.php | 2 +-
 interface/web/sites/web_vhost_domain_list.php | 2 +-
 interface/web/tools/dns_import_tupa.php | 8 ++++----
 interface/web/tools/import_ispconfig.php | 6 +++---
 interface/web/tools/import_vpopmail.php | 10 +++++-----
 12 files changed, 30 insertions(+), 30 deletions(-)

diff --git a/interface/lib/app.inc.php b/interface/lib/app.inc.php
index edbba27c7..f5c2c1886 100755
--- a/interface/lib/app.inc.php
+++ b/interface/lib/app.inc.php
@@ -298,14 +298,14 @@ class app {
 $this->tpl->setVar('phpsessid', session_id());
- $this->tpl->setVar('theme', $_SESSION['s']['theme']);
+ $this->tpl->setVar('theme', $_SESSION['s']['theme'], true);
 $this->tpl->setVar('html_content_encoding', $this->_conf['html_content_encoding']);
 $this->tpl->setVar('delete_confirmation', $this->lng('delete_confirmation'));
 //print_r($_SESSION);
 if(isset($_SESSION['s']['module']['name'])) {
- $this->tpl->setVar('app_module', $_SESSION['s']['module']['name']);
- $this->tpl->setVar('session_module', $_SESSION['s']['module']['name']);
+ $this->tpl->setVar('app_module', $_SESSION['s']['module']['name'], true);
+ $this->tpl->setVar('session_module', $_SESSION['s']['module']['name'], true);
 }
 if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
 $this->tpl->setVar('is_admin', 1);
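Review bot: The `true` passed to `setVar()` is a bare positional flag whose escaping rules (quote handling, charset) are not visible in this hunk; since `html_content_encoding` is set unescaped on the very next line and these header variables may land in attributes as well as in text, it is worth confirming that the flag maps to `htmlspecialchars()` with `ENT_QUOTES` and the configured charset, and a short comment on the first call, `// 3rd arg: HTML-escape the value when rendered`, would tell the next reader what the flag means. `theme` in particular looks like a value that is interpolated into asset paths rather than rendered as text, where HTML escaping is not the right boundary; validating `$_SESSION['s']['theme']` against the installed theme directories at the point it is written into the session is the check that holds in every output context. The same `theme`/`current_theme` line recurs at `@@ -56` and `@@ -193` of `plugin_listview.inc.php` and in `index.php`, `login/index.php` and `password_reset.php`. The enclosing method of `app` starts before and ends after the hunk.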
@@ -315,7 +315,7 @@ class app {
 }
 /* Show username */
 if(isset($_SESSION['s']['user'])) {
- $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username']);
+ $this->tpl->setVar('cpuser', $_SESSION['s']['user']['username'], true);
 $this->tpl->setVar('logout_txt', $this->lng('logout_txt'));
 /* Show search field only for normal users, not mail users */
 if(stristr($_SESSION['s']['user']['username'], '@')){
diff --git a/interface/lib/classes/plugin_listview.inc.php b/interface/lib/classes/plugin_listview.inc.php
index bc764caef..c9d8340e0 100644
--- a/interface/lib/classes/plugin_listview.inc.php
+++ b/interface/lib/classes/plugin_listview.inc.php
@@ -56,7 +56,7 @@ class plugin_listview extends plugin_base {
 // $app->listform->listDef["page_params"] = "&id=".$app->tform_actions->id."&next_tab=".$_SESSION["s"]["form"]["tab"];
 $app->listform->listDef["page_params"] = "&id=".$this->form->id."&next_tab=".$_SESSION["s"]["form"]["tab"];
 $listTpl->setVar('parent_id', $this->form->id);
- $listTpl->setVar('theme', $_SESSION['s']['theme']);
+ $listTpl->setVar('theme', $_SESSION['s']['theme'], true);
 // Generate the SQL for searching
 $sql_where = "";
@@ -193,13 +193,13 @@ class plugin_listview extends plugin_base {
 $listTpl->setVar('phpsessid', session_id());
- $listTpl->setVar('theme', $_SESSION['s']['theme']);
+ $listTpl->setVar('theme', $_SESSION['s']['theme'], true);
 $listTpl->setVar('html_content_encoding', $app->_conf['html_content_encoding']);
 $listTpl->setVar('delete_confirmation', $app->lng('delete_confirmation'));
 //print_r($_SESSION);
 if(isset($_SESSION['s']['module']['name'])) {
- $listTpl->setVar('app_module', $_SESSION['s']['module']['name']);
+ $listTpl->setVar('app_module', $_SESSION['s']['module']['name'], true);
 }
 if(isset($_SESSION['s']['user']) && $_SESSION['s']['user']['typ'] == 'admin') {
 $listTpl->setVar('is_admin', 1);
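Review bot: In the `@@ -56` hunk of `plugin_listview.inc.php`, the context line directly above the changed `theme` call builds `page_params` by concatenating `$_SESSION["s"]["form"]["tab"]` into a query string with no encoding, and that string presumably reaches the same templates this patch is escaping; if `tab` can be influenced by the request, that is the same class of reflection, only in URL context. `"&next_tab=".rawurlencode($_SESSION["s"]["form"]["tab"])` keeps the parameter usable for the link while removing the ambiguity. The enclosing method continues on both sides of the hunk.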
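Review bot: The `@@ -193` hunk of `plugin_listview.inc.php` is a copy of the header-variable block in `app.inc.php` (`phpsessid`, `theme`, `html_content_encoding`, `delete_confirmation`, `app_module`, `is_admin`, and `cpuser` in the following hunk), which is why this fix has to be applied twice and why the two copies have already drifted: the listview version does not set `session_module`. Extracting that block into one method on `app` that both `app.inc.php` and the listview call, with the escape flag applied once, would make the next escaping change a single edit. The enclosing method starts before and ends after the hunk.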
@@ -209,7 +209,7 @@ class plugin_listview extends plugin_base {
 }
 /* Show username */
 if(isset($_SESSION['s']['user'])) {
- $listTpl->setVar('cpuser', $_SESSION['s']['user']['username']);
+ $listTpl->setVar('cpuser', $_SESSION['s']['user']['username'], true);
 $listTpl->setVar('logout_txt', $app->lng('logout_txt'));
 /* Show search field only for normal users, not mail users */
 if(stristr($_SESSION['s']['user']['username'], '@')){
diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index eb8bcdbae..b4638bd21 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -114,9 +114,9 @@ if(isset($_POST) && count($_POST) > 1) {
 }
 } else {
- $app->tpl->setVar('sender', $_POST['sender']);
- $app->tpl->setVar('subject', $_POST['subject']);
- $app->tpl->setVar('message', $_POST['message']);
+ $app->tpl->setVar('sender', $_POST['sender'], true);
+ $app->tpl->setVar('subject', $_POST['subject'], true);
+ $app->tpl->setVar('message', $_POST['message'], true);
 }
 } else {
 // pre-fill Sender field with reseller's email address
diff --git a/interface/web/dns/dns_wizard.php b/interface/web/dns/dns_wizard.php
index 0e955bee0..32112560a 100644
--- a/interface/web/dns/dns_wizard.php
+++ b/interface/web/dns/dns_wizard.php
@@ -183,7 +183,7 @@ if(is_array($fields)) {
 } else {
 $app->tpl->setVar($field."_VISIBLE", 1);
 $field = strtolower($field);
- $app->tpl->setVar($field, $_POST[$field]);
+ $app->tpl->setVar($field, $_POST[$field], true);
 }
 }
 }
diff --git a/interface/web/index.php b/interface/web/index.php
index 4a2103208..1bccb1ebe 100644
--- a/interface/web/index.php
+++ b/interface/web/index.php
@@ -41,7 +41,7 @@ if(!isset($_SESSION['s']['module']['name'])) $_SESSION['s']['module']['name'] =
 $app->uses('tpl');
 $app->tpl->newTemplate('main.tpl.htm');
-$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : '');
+$app->tpl->setVar('startpage', isset($_SESSION['s']['module']['startpage']) ? $_SESSION['s']['module']['startpage'] : '', true);
 $app->tpl->setVar('logged_in', ($_SESSION['s']['user']['active'] != 1 ? 'n' : 'y'));
 // tab change warning?
@@ -93,7 +93,7 @@ if(@is_dir($js_d)) {
 if (!empty($js_d_files)) $app->tpl->setLoop('js_d_includes', $js_d_files);
 unset($js_d_files);
-$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
+$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true);
 // Logo
 $logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
diff --git a/interface/web/login/index.php b/interface/web/login/index.php
index bccf4330a..441de353c 100644
--- a/interface/web/login/index.php
+++ b/interface/web/login/index.php
@@ -340,7 +340,7 @@ $app->tpl->setVar('login_button_txt', $app->lng('login_button_txt'));
 $app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
 $app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
 //$app->tpl->setInclude('content_tpl', 'login/templates/index.htm');
-$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
+$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true);
 //die(isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
 // Logo
diff --git a/interface/web/login/password_reset.php b/interface/web/login/password_reset.php
index c0d454cd3..e6976bff7 100644
--- a/interface/web/login/password_reset.php
+++ b/interface/web/login/password_reset.php
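Review bot: `startpage` in the `@@ -41` hunk of `index.php` appears to be the path of the module page the main template loads first, and a value like that is usually emitted into a script call or an `href` rather than as text; HTML escaping does not neutralise JavaScript string escapes or URL syntax, so if `main.tpl.htm` places it inside a script the value should be emitted through `json_encode()` at that point instead. The control that holds in every context is to validate `$_SESSION['s']['module']['startpage']` against the module's own page list (or a strict `module/page.php` pattern) where it is written into the session, rather than relying on output escaping alone. The same consideration applies to `current_theme` in the `@@ -93` hunk and in `login/index.php` and `password_reset.php`, which is a path component rather than text.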
@@ -156,7 +156,7 @@ if(isset($_POST['username']) && $_POST['username'] != '' && $_POST['email'] != '
 if(isset($_POST) && count($_POST) > 0) $app->tpl->setVar("msg", $wb['pw_error_noinput']);
 }
-$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');
+$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default', true);
 // Logo
 $logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
diff --git a/interface/web/sites/web_childdomain_list.php b/interface/web/sites/web_childdomain_list.php
index a4e953c07..f445c4b50 100644
--- a/interface/web/sites/web_childdomain_list.php
+++ b/interface/web/sites/web_childdomain_list.php
@@ -56,7 +56,7 @@ $_SESSION['s']['var']['childdomain_type'] = $show_type;
 class list_action extends listform_actions {
 function onShow() {
 global $app;
- $app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type']);
+ $app->tpl->setVar('childdomain_type', $_SESSION['s']['var']['childdomain_type'], true);
 parent::onShow();
 }
diff --git a/interface/web/sites/web_vhost_domain_list.php b/interface/web/sites/web_vhost_domain_list.php
index 378eeaaf6..b74fd644f 100644
--- a/interface/web/sites/web_vhost_domain_list.php
+++ b/interface/web/sites/web_vhost_domain_list.php
@@ -68,7 +68,7 @@ $_SESSION['s']['var']['vhostdomain_type'] = $show_type;
 class list_action extends listform_actions {
 function onShow() {
 global $app;
- $app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type']);
+ $app->tpl->setVar('vhostdomain_type', $_SESSION['s']['var']['vhostdomain_type'], true);
 parent::onShow();
 }
diff --git a/interface/web/tools/dns_import_tupa.php b/interface/web/tools/dns_import_tupa.php
index 849a09768..12bd03529 100644
--- a/interface/web/tools/dns_import_tupa.php
+++ b/interface/web/tools/dns_import_tupa.php
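Review bot: In `web_childdomain_list.php` the escaped value is `$_SESSION['s']['var']['childdomain_type']`, which the hunk header shows is assigned from `$show_type`; escaping it in `onShow()` protects the template, but if `$show_type` is taken from the request and also drives a list filter or a template choice elsewhere in the file, the value should be validated against the small set of accepted type names where it is stored, e.g. `if(!in_array($show_type, $allowed_types, true)) $show_type = $default_type;` with `$allowed_types` being the list this page actually accepts. That turns an open string into an enumerated value and makes the output escaping a second line of defence rather than the only one. The same pattern is in `web_vhost_domain_list.php` at `@@ -68` with `vhostdomain_type`. `onShow()` is complete within the hunk; the surrounding `list_action` class is not.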
@@ -50,10 +50,10 @@ if(isset($_POST['start']) && $_POST['start'] == 1) {
 $app->auth->csrf_token_check();
 //* Set variable sin template
- $app->tpl->setVar('dbhost', $_POST['dbhost']);
- $app->tpl->setVar('dbname', $_POST['dbname']);
- $app->tpl->setVar('dbuser', $_POST['dbuser']);
- $app->tpl->setVar('dbpassword', $_POST['dbpassword']);
+ $app->tpl->setVar('dbhost', $_POST['dbhost'], true);
+ $app->tpl->setVar('dbname', $_POST['dbname'], true);
+ $app->tpl->setVar('dbuser', $_POST['dbuser'], true);
+ $app->tpl->setVar('dbpassword', $_POST['dbpassword'], true);
 //* Establish connection to external database
 $msg .= 'Connecting to external database...
';
diff --git a/interface/web/tools/import_ispconfig.php b/interface/web/tools/import_ispconfig.php
index c43b15b7e..0e7763dd9 100644
--- a/interface/web/tools/import_ispconfig.php
+++ b/interface/web/tools/import_ispconfig.php
@@ -142,9 +142,9 @@ if(isset($_POST['connected'])) {
 }
-$app->tpl->setVar('remote_server', $_POST['remote_server']);
-$app->tpl->setVar('remote_user', $_POST['remote_user']);
-$app->tpl->setVar('remote_password', $_POST['remote_password']);
+$app->tpl->setVar('remote_server', $_POST['remote_server'], true);
+$app->tpl->setVar('remote_user', $_POST['remote_user'], true);
+$app->tpl->setVar('remote_password', $_POST['remote_password'], true);
 $app->tpl->setVar('connected', $connected);
 $app->tpl->setVar('remote_session_id', $remote_session_id);
 $app->tpl->setVar('msg', $msg);
diff --git a/interface/web/tools/import_vpopmail.php b/interface/web/tools/import_vpopmail.php
index 9e560cdf3..3ef87710e 100644
--- a/interface/web/tools/import_vpopmail.php
+++ b/interface/web/tools/import_vpopmail.php
@@ -84,11 +84,11 @@ if(isset($_POST['db_hostname']) && $_POST['db_hostname'] != '') {
 $_POST['local_server_id'] = 1;
 }
-$app->tpl->setVar('db_hostname', $_POST['db_hostname']);
-$app->tpl->setVar('db_user', $_POST['db_user']);
-$app->tpl->setVar('db_password', $_POST['db_password']);
-$app->tpl->setVar('db_name', $_POST['db_name']);
-$app->tpl->setVar('local_server_id', $_POST['local_server_id']);
+$app->tpl->setVar('db_hostname', $_POST['db_hostname'], true);
+$app->tpl->setVar('db_user', $_POST['db_user'], true);
+$app->tpl->setVar('db_password', $_POST['db_password'], true);
+$app->tpl->setVar('db_name', $_POST['db_name'], true);
+$app->tpl->setVar('local_server_id', $_POST['local_server_id'], true);
 $app->tpl->setVar('msg', $msg);
 $app->tpl->setVar('error', $error);
-- 
GitLab
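Review bot: `dbpassword` in the `@@ -50` hunk of `dns_import_tupa.php` is a submitted credential being written back into the response so the form can be re-filled; escaping stops it from breaking the markup, but it still places a plaintext password in the page body, where browser history and caches, intermediate proxies and anything that can read the DOM will see it. Re-populating every field except the password (drop the `dbpassword` `setVar`, or pass `''` in its place, and let the user re-enter it) removes that exposure at no cost to the import flow. `remote_password` in `import_ispconfig.php` at `@@ -142` and `db_password` in `import_vpopmail.php` at `@@ -84` have the same issue. The `if(isset($_POST['start']) ...)` block this sits in continues past the hunk.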
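Review bot: `local_server_id` in the `@@ -84` hunk of `import_vpopmail.php` is a numeric id (the context line above defaults it with `$_POST['local_server_id'] = 1;`), and HTML-escaping a number hides the real requirement: if it is later used in a query or lookup, the safe form is to coerce it once, `$local_server_id = (int)$_POST['local_server_id'];`, and hand that value both to the template and to whatever consumes it. Escaping only the template copy leaves the raw `$_POST` string available to later code in the same file. This is top-level script code, not inside a function.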