Fixing an XSS vulnerability discovered by tomreyn

Signed-off-by: Florian Aders (EleRas) <eleras@froxlor.org>
This commit is contained in:
Florian Aders (EleRas)
2011-03-19 13:14:28 +01:00
parent 0f4695a43f
commit 5e0c641a02
3 changed files with 16 additions and 15 deletions


@@ -655,7 +655,6 @@ elseif($page == 'archive'
{
if($paging->checkDisplay($i))
{
$ticket = htmlentities_array($ticket);
$ticket['lastchange'] = date("d.m.y H:i", $ticket['lastchange']);
if($_cid != $ticket['customerid'])
@@ -690,6 +689,8 @@ elseif($page == 'archive'
$ticket['subject'] = substr($ticket['subject'], 0, 17) . '...';
}
$ticket = htmlentities_array($ticket);
eval("\$tickets.=\"" . getTemplate("ticket/archived_tickets") . "\";");
$count++;
$_cid = $ticket['customerid'];
@@ -732,16 +733,16 @@ elseif($page == 'archive'
}
}
$priorities_options = makecheckbox('priority1', $lng['ticket']['unf_high'], '1');
$priorities_options.= makecheckbox('priority2', $lng['ticket']['unf_normal'], '2');
$priorities_options.= makecheckbox('priority3', $lng['ticket']['unf_low'], '3');
$priorities_options = makecheckbox('priority1', htmlentities($lng['ticket']['unf_high']), '1');
$priorities_options.= makecheckbox('priority2', htmlentities($lng['ticket']['unf_normal']), '2');
$priorities_options.= makecheckbox('priority3', htmlentities($lng['ticket']['unf_low']), '3');
$category_options = '';
$ccount = 0;
$result = $db->query('SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` ORDER BY `name` ASC');
while($row = $db->fetch_array($result))
{
$category_options.= makecheckbox('category' . $ccount, $row['name'], $row['id'], true);
$category_options.= makecheckbox('category' . $ccount, htmlentities($row['name']), $row['id'], true);
$ccount++;
}
@@ -776,8 +777,8 @@ elseif($page == 'archive'
$by = $lng['ticket']['customer'];
}
$subject = $mainticket->Get('subject');
$message = $mainticket->Get('message');
$subject = htmlentities($mainticket->Get('subject'));
$message = htmlentities($mainticket->Get('message'));
eval("\$ticket_replies.=\"" . getTemplate("ticket/tickets_tickets_main") . "\";");
$result = $db->query('SELECT `name` FROM `' . TABLE_PANEL_TICKET_CATS . '`
WHERE `id`="' . (int)$mainticket->Get('category') . '"');
@@ -798,15 +799,15 @@ elseif($page == 'archive'
$by = $lng['ticket']['customer'];
}
$subject = $subticket->Get('subject');
$message = $subticket->Get('message');
$subject = htmlentities($subticket->Get('subject'));
$message = htmlentities($subticket->Get('message'));
eval("\$ticket_replies.=\"" . getTemplate("ticket/tickets_tickets_list") . "\";");
}
$priorities = makeoption($lng['ticket']['high'], '1', $mainticket->Get('priority'), true, true);
$priorities.= makeoption($lng['ticket']['normal'], '2', $mainticket->Get('priority'), true, true);
$priorities.= makeoption($lng['ticket']['low'], '3', $mainticket->Get('priority'), true, true);
$subject = $mainticket->Get('subject');
$priorities = makeoption($lng['ticket']['high'], '1', htmlentities($mainticket->Get('priority')), true, true);
$priorities.= makeoption($lng['ticket']['normal'], '2', htmlentities($mainticket->Get('priority')), true, true);
$priorities.= makeoption($lng['ticket']['low'], '3', htmlentities($mainticket->Get('priority')), true, true);
$subject = htmlentities($mainticket->Get('subject'));
$ticket_replies_count = $db->num_rows($andere) + 1;
// don't forget the main-ticket!
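Review bot: In the three `makeoption()` lines that build `$priorities`, the `htmlentities()` wrap has landed on the third argument, `$mainticket->Get('priority')`, which is the numeric value used to pick the selected option, while the option text `$lng['ticket']['high']` / `['normal']` / `['low']` is still passed through raw — the reverse of what the `makecheckbox()` lines earlier in the same section do, where the language string is the escaped argument. Escaping a priority number changes nothing, and if the trailing `true, true` flags mean "title and value are trusted" (it looks that way, but confirm against makeoption), these labels reach the markup verbatim; for symmetry with the checkbox lines it should read `$priorities = makeoption(htmlentities($lng['ticket']['high']), '1', $mainticket->Get('priority'), true, true);` and likewise for the other two. Separately, the direct `htmlentities()` calls added around `$subject`/`$message` (both ticket loops and the final `$subject = htmlentities($mainticket->Get('subject'));`), and the `'value' => htmlentities($row['name'])` in the form-array file, use PHP's own default quote style ENT_COMPAT, which leaves `'` untouched, whereas `htmlentities_array()` is switched to ENT_QUOTES in this same commit; passing `ENT_QUOTES` explicitly keeps both escaping paths equivalent wherever a template places one of these values inside a single-quoted attribute. The enclosing `elseif($page == 'archive')` block begins and ends outside these hunks.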


@@ -38,7 +38,7 @@ return array(
'category' => array(
'label' => $lng['ticket']['category'],
'type' => 'label',
'value' => $row['name']
'value' => htmlentities($row['name']),
),
'message' => array(
'style' => 'vertical-align:top;',
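Review bot: The escaping for the category name is placed in the form definition itself, `'value' => htmlentities($row['name']),`, which protects this one `'type' => 'label'` entry only; any other label entry in this or a sibling form file that carries a database value stays unescaped unless someone remembers to wrap it by hand. If the form renderer does not already escape label values — worth confirming, since if it does this line now double-encodes `&` — escaping once in the renderer, with a per-field opt-out for values that are deliberately HTML, would cover every such field and keep these arrays data-only. Failing that, a comment on the wrapped line, `// escaped here: the form renderer prints label values verbatim`, would record why this field differs from its neighbours. The surrounding `return array(` definition starts before the hunk.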


@@ -29,7 +29,7 @@
* @author Florian Lippert <flo@syscp.org>
*/
function htmlentities_array($subject, $fields = '', $quote_style = ENT_COMPAT, $charset = 'ISO-8859-1')
function htmlentities_array($subject, $fields = '', $quote_style = ENT_QUOTES, $charset = 'ISO-8859-1')
{
if(is_array($subject))
{
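Review bot: `$charset` keeps its hard-coded `'ISO-8859-1'` default while `$quote_style` moves to `ENT_QUOTES`; `htmlentities()` with a Latin-1 charset on UTF-8 input converts each byte of a multi-byte character into its own named entity, so if the panel emits UTF-8 (check the configured output charset) non-ASCII ticket text would be mangled rather than merely escaped, whereas `htmlspecialchars()` with the same quote style would leave those bytes alone. The docblock above the signature is only partly visible here; its entry for `$quote_style` should state the new default and the reason, e.g. `@param int $quote_style defaults to ENT_QUOTES so both ' and " are encoded (single-quoted attributes were uncovered under ENT_COMPAT)`. The function body starting at `if(is_array($subject))` continues past the hunk.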