Fixing a XSS - vulnerability discovered by tomreyn
Signed-off-by: Florian Aders (EleRas) <eleras@froxlor.org>
@@ -655,7 +655,6 @@ elseif($page == 'archive'
|
|||||||
{
|
{
|
||||||
if($paging->checkDisplay($i))
|
if($paging->checkDisplay($i))
|
||||||
{
|
{
|
||||||
$ticket = htmlentities_array($ticket);
|
|
||||||
$ticket['lastchange'] = date("d.m.y H:i", $ticket['lastchange']);
|
$ticket['lastchange'] = date("d.m.y H:i", $ticket['lastchange']);
|
||||||
|
|
||||||
if($_cid != $ticket['customerid'])
|
if($_cid != $ticket['customerid'])
|
||||||
@@ -690,6 +689,8 @@ elseif($page == 'archive'
|
|||||||
$ticket['subject'] = substr($ticket['subject'], 0, 17) . '...';
|
$ticket['subject'] = substr($ticket['subject'], 0, 17) . '...';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$ticket = htmlentities_array($ticket);
|
||||||
|
|
||||||
eval("\$tickets.=\"" . getTemplate("ticket/archived_tickets") . "\";");
|
eval("\$tickets.=\"" . getTemplate("ticket/archived_tickets") . "\";");
|
||||||
$count++;
|
$count++;
|
||||||
$_cid = $ticket['customerid'];
|
$_cid = $ticket['customerid'];
|
||||||
@@ -732,16 +733,16 @@ elseif($page == 'archive'
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$priorities_options = makecheckbox('priority1', $lng['ticket']['unf_high'], '1');
|
$priorities_options = makecheckbox('priority1', htmlentities($lng['ticket']['unf_high']), '1');
|
||||||
$priorities_options.= makecheckbox('priority2', $lng['ticket']['unf_normal'], '2');
|
$priorities_options.= makecheckbox('priority2', htmlentities($lng['ticket']['unf_normal']), '2');
|
||||||
$priorities_options.= makecheckbox('priority3', $lng['ticket']['unf_low'], '3');
|
$priorities_options.= makecheckbox('priority3', htmlentities($lng['ticket']['unf_low']), '3');
|
||||||
$category_options = '';
|
$category_options = '';
|
||||||
$ccount = 0;
|
$ccount = 0;
|
||||||
$result = $db->query('SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` ORDER BY `name` ASC');
|
$result = $db->query('SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` ORDER BY `name` ASC');
|
||||||
|
|
||||||
while($row = $db->fetch_array($result))
|
while($row = $db->fetch_array($result))
|
||||||
{
|
{
|
||||||
$category_options.= makecheckbox('category' . $ccount, $row['name'], $row['id'], true);
|
$category_options.= makecheckbox('category' . $ccount, htmlentities($row['name']), $row['id'], true);
|
||||||
$ccount++;
|
$ccount++;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -776,8 +777,8 @@ elseif($page == 'archive'
|
|||||||
$by = $lng['ticket']['customer'];
|
$by = $lng['ticket']['customer'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$subject = $mainticket->Get('subject');
|
$subject = htmlentities($mainticket->Get('subject'));
|
||||||
$message = $mainticket->Get('message');
|
$message = htmlentities($mainticket->Get('message'));
|
||||||
eval("\$ticket_replies.=\"" . getTemplate("ticket/tickets_tickets_main") . "\";");
|
eval("\$ticket_replies.=\"" . getTemplate("ticket/tickets_tickets_main") . "\";");
|
||||||
$result = $db->query('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
|
$result = $db->query('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
|
||||||
WHERE `id`="' . (int)$mainticket->Get('category') . '"');
|
WHERE `id`="' . (int)$mainticket->Get('category') . '"');
|
||||||
@@ -798,15 +799,15 @@ elseif($page == 'archive'
|
|||||||
$by = $lng['ticket']['customer'];
|
$by = $lng['ticket']['customer'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$subject = $subticket->Get('subject');
|
$subject = htmlentities($subticket->Get('subject'));
|
||||||
$message = $subticket->Get('message');
|
$message = htmlentities($subticket->Get('message'));
|
||||||
eval("\$ticket_replies.=\"" . getTemplate("ticket/tickets_tickets_list") . "\";");
|
eval("\$ticket_replies.=\"" . getTemplate("ticket/tickets_tickets_list") . "\";");
|
||||||
}
|
}
|
||||||
|
|
||||||
$priorities = makeoption($lng['ticket']['high'], '1', $mainticket->Get('priority'), true, true);
|
$priorities = makeoption($lng['ticket']['high'], '1', htmlentities($mainticket->Get('priority')), true, true);
|
||||||
$priorities.= makeoption($lng['ticket']['normal'], '2', $mainticket->Get('priority'), true, true);
|
$priorities.= makeoption($lng['ticket']['normal'], '2', htmlentities($mainticket->Get('priority')), true, true);
|
||||||
$priorities.= makeoption($lng['ticket']['low'], '3', $mainticket->Get('priority'), true, true);
|
$priorities.= makeoption($lng['ticket']['low'], '3', htmlentities($mainticket->Get('priority')), true, true);
|
||||||
$subject = $mainticket->Get('subject');
|
$subject = htmlentities($mainticket->Get('subject'));
|
||||||
$ticket_replies_count = $db->num_rows($andere) + 1;
|
$ticket_replies_count = $db->num_rows($andere) + 1;
|
||||||
|
|
||||||
// don't forget the main-ticket!
|
// don't forget the main-ticket!
|
||||||
|
|||||||
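Review bot: The bare `htmlentities()` calls added in the hunks at `@@ -732`, `@@ -776` and `@@ -798` rely on PHP's default quote style (ENT_COMPAT before PHP 8.1), which leaves `'` unencoded, while `htmlentities_array` is switched to ENT_QUOTES in this same commit; if `makecheckbox`, `makeoption` or the ticket templates place any of these values inside a single-quoted attribute, the escaping is incomplete. Passing the flags explicitly keeps both paths consistent, e.g. `htmlentities($row['name'], ENT_QUOTES, 'ISO-8859-1')`, and the same applies to the `'value' => htmlentities($row['name'])` line in the form-array file below. Separately, in the hunks at `@@ -655` and `@@ -690` moving `htmlentities_array($ticket)` below the `substr()` call is correct, but it also means `$_cid != $ticket['customerid']` now compares against the raw value while `$_cid = $ticket['customerid']` stores the encoded one — harmless for numeric ids, yet worth a comment such as `// encode after substr(): truncating an already-encoded subject could split an entity`.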
@@ -38,7 +38,7 @@ return array(
|
|||||||
'category' => array(
|
'category' => array(
|
||||||
'label' => $lng['ticket']['category'],
|
'label' => $lng['ticket']['category'],
|
||||||
'type' => 'label',
|
'type' => 'label',
|
||||||
'value' => $row['name']
|
'value' => htmlentities($row['name']),
|
||||||
),
|
),
|
||||||
'message' => array(
|
'message' => array(
|
||||||
'style' => 'vertical-align:top;',
|
'style' => 'vertical-align:top;',
|
||||||
|
|||||||
@@ -29,7 +29,7 @@
|
|||||||
* @author Florian Lippert <flo@syscp.org>
|
* @author Florian Lippert <flo@syscp.org>
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function htmlentities_array($subject, $fields = '', $quote_style = ENT_COMPAT, $charset = 'ISO-8859-1')
|
function htmlentities_array($subject, $fields = '', $quote_style = ENT_QUOTES, $charset = 'ISO-8859-1')
|
||||||
{
|
{
|
||||||
if(is_array($subject))
|
if(is_array($subject))
|
||||||
{
|
{
|
||||||
|
|||||||
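Review bot: Changing the default `$quote_style` to ENT_QUOTES alters the output of every existing caller that omits the argument (`'` is now encoded as `&#039;`), and the docblock visible in the hunk carries no parameter description, so the new default should be recorded there, e.g. `@param int $quote_style ENT_* flags passed to htmlentities(); defaults to ENT_QUOTES so single-quoted attributes are covered too`. The default charset stays `'ISO-8859-1'`; if the panel serves UTF-8 pages, multi-byte characters would be encoded as Latin-1 entities, a display problem rather than a hole but worth confirming. The function body continues past the end of the hunk, so how `$fields` and `$charset` are applied cannot be checked here.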