From 7226a8991f7908825c869f78231107370cb05b21 Mon Sep 17 00:00:00 2001 From: Sergio <nadalcastalla@gmail.com> Date: Sun, 21 Apr 2019 02:18:24 +0200 Subject: [PATCH] Fix some XSS. --- web/list/directory/index.php | 4 ++-- web/templates/admin/list_dns_rec.html | 4 ++-- web/templates/admin/list_mail_acc.html | 6 +++--- web/templates/user/list_mail_acc.html | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/web/list/directory/index.php b/web/list/directory/index.php index 737e19db..12919b14 100644 --- a/web/list/directory/index.php +++ b/web/list/directory/index.php @@ -24,8 +24,8 @@ if (empty($panel)) { $panel = json_decode(implode('', $output), true); } -$path_a = !empty($_REQUEST['dir_a']) ? $_REQUEST['dir_a'] : ''; -$path_b = !empty($_REQUEST['dir_b']) ? $_REQUEST['dir_b'] : ''; +$path_a = !empty($_REQUEST['dir_a']) ? htmlentities($_REQUEST['dir_a']) : ''; +$path_b = !empty($_REQUEST['dir_b']) ? htmlentities($_REQUEST['dir_b']) : ''; $GLOBAL_JS = '<script type="text/javascript">GLOBAL.START_DIR_A = "' . $path_a . '";</script>'; $GLOBAL_JS .= '<script type="text/javascript">GLOBAL.START_DIR_B = "' . $path_b . '";</script>'; $GLOBAL_JS .= '<script type="text/javascript">GLOBAL.ROOT_DIR = "' . $panel[$user]['HOME'] . '";</script>'; diff --git a/web/templates/admin/list_dns_rec.html b/web/templates/admin/list_dns_rec.html index a74b8574..24f28103 100644 --- a/web/templates/admin/list_dns_rec.html +++ b/web/templates/admin/list_dns_rec.html @@ -74,11 +74,11 @@ v_unit_id="<?=$key?>" v_section="dns_rec"> <!-- l-unit-toolbar__col --> <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect"> <div class="actions-panel clearfix"> - <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/dns/?domain=<?=$_GET['domain']?>&record_id=<?=$data[$key]['ID']?>"><?=__('edit')?> <i></i></a><span class="shortcut enter"> ↵</span></div> + <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/dns/?domain=<?=htmlspecialchars($_GET['domain'])?>&record_id=<?=$data[$key]['ID']?>"><?=__('edit')?> <i></i></a><span class="shortcut enter"> ↵</span></div> <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js"> <a id="delete_link_<?=$i?>" class="data-controls do_delete"> <?=__('delete')?> <i class="do_delete"></i> - <input type="hidden" name="delete_url" value="/delete/dns/?domain=<?=$_GET['domain']?>&record_id=<?=$data[$key]['ID']?>&token=<?=$_SESSION['token']?>" /> + <input type="hidden" name="delete_url" value="/delete/dns/?domain=<?=htmlspecialchars($_GET['domain'])?>&record_id=<?=$data[$key]['ID']?>&token=<?=$_SESSION['token']?>" /> <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=__('Confirmation')?>"> <p class="confirmation"><?=__('DELETE_RECORD_CONFIRMATION',$data[$key]['RECORD'])?></p> </div> diff --git a/web/templates/admin/list_mail_acc.html b/web/templates/admin/list_mail_acc.html index 5433d732..13495ff6 100644 --- a/web/templates/admin/list_mail_acc.html +++ b/web/templates/admin/list_mail_acc.html @@ -90,11 +90,11 @@ sort-star="<? if($_SESSION['favourites']['MAIL_ACC'][$key."@".$_GET['domain']] = <!-- l-unit-toolbar__col --> <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect"> <div class="actions-panel clearfix"> - <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter"> ↵</span></div> + <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter"> ↵</span></div> <div class="actions-panel__col actions-panel__suspend shortcut-s" key-action="js"> <a id="<?=$spnd_action ?>_link_<?=$i?>" class="data-controls do_<?=$spnd_action?>"> <?=__($spnd_action)?> <i class="do_<?=$spnd_action?>"></i> - <input type="hidden" name="<?=$spnd_action?>_url" value="/<?=$spnd_action?>/mail/?domain=<?=$_GET['domain']?>&account=<?php echo $key ?>&token=<?=$_SESSION['token']?>" /> + <input type="hidden" name="<?=$spnd_action?>_url" value="/<?=$spnd_action?>/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?php echo $key ?>&token=<?=$_SESSION['token']?>" /> <div id="<?=$spnd_action?>_dialog_<?=$i?>" class="confirmation-text-suspention hidden" title="<?=__('Confirmation')?>"> <p class="confirmation"><?=__($spnd_confirmation,$key)?></p> </div> @@ -104,7 +104,7 @@ sort-star="<? if($_SESSION['favourites']['MAIL_ACC'][$key."@".$_GET['domain']] = <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js"> <a id="delete_link_<?=$i?>" class="data-controls do_delete"> <?=__('delete')?> <i class="do_delete"></i> - <input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" /> + <input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" /> <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=__('Confirmation')?>"> <p class="confirmation"><?=__('DELETE_MAIL_ACCOUNT_CONFIRMATION',$key)?></p> </div> diff --git a/web/templates/user/list_mail_acc.html b/web/templates/user/list_mail_acc.html index c7334fa1..8c5ef567 100644 --- a/web/templates/user/list_mail_acc.html +++ b/web/templates/user/list_mail_acc.html @@ -88,11 +88,11 @@ sort-star="<? if($_SESSION['favourites']['MAIL_ACC'][$key."@".$_GET['domain']] = <!-- l-unit-toolbar__col --> <div class="l-unit-toolbar__col l-unit-toolbar__col--right noselect"> <div class="actions-panel clearfix"> - <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter"> ↵</span></div> + <div class="actions-panel__col actions-panel__edit shortcut-enter" key-action="href"><a href="/edit/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>"><?=__('edit')?> <i></i></a><span class="shortcut enter"> ↵</span></div> <div class="actions-panel__col actions-panel__delete shortcut-delete" key-action="js"> <a id="delete_link_<?=$i?>" class="data-controls do_delete"> <?=__('delete')?> <i class="do_delete"></i> - <input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=$_GET['domain']?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" /> + <input type="hidden" name="delete_url" value="/delete/mail/?domain=<?=htmlspecialchars($_GET['domain'])?>&account=<?=$key?>&token=<?=$_SESSION['token']?>" /> <div id="delete_dialog_<?=$i?>" class="confirmation-text-delete hidden" title="<?=__('Confirmation')?>"> <p class="confirmation"><?=__('DELETE_MAIL_ACCOUNT_CONFIRMATION',$key)?></p> </div>