
#446 XSS vector through the page title

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@1562 a333f486-631f-4898-b8df-5754b55c2be0
romainq 14 years ago
commit
d9ef05bb6f

+ 3 - 3
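--- a/application/itopwebpage.class.inc.php
+++ b/application/itopwebpage.class.inc.php
@@ -569,7 +569,7 @@ EOF
         // Make sure that Internet Explorer renders the page using its latest/highest/greatest standards !
         echo "<meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\" />\n";
         echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
-        echo "<title>{$this->s_title}</title>\n";
+        echo "<title>".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."</title>\n";
         echo $this->get_base_tag();
         // Stylesheets MUST be loaded before any scripts otherwise
         // jQuery scripts may face some spurious problems (like failing on a 'reload')
@@ -750,7 +750,7 @@ EOF
 		echo '<div id="left-pane" class="ui-layout-west">';
 		echo '<!-- Beginning of the left pane -->';
 		echo '	<div id="header-logo">';
-		echo '	<div id="top-left"></div><div id="logo"><a href="http://www.combodo.com/itop"><img src="../images/itop-logo.png" title="'.self::FilterXSS($sVersionString).'" style="border:0; margin-top:16px; margin-right:40px;"/></a></div>';
+		echo '	<div id="top-left"></div><div id="logo"><a href="http://www.combodo.com/itop"><img src="../images/itop-logo.png" title="'.htmlentities($sVersionString, ENT_QUOTES, 'UTF-8').'" style="border:0; margin-top:16px; margin-right:40px;"/></a></div>';
 		echo '	</div>';
 		echo '	<div class="header-menu">';
 		echo '		<div class="icon ui-state-default ui-corner-all"><span id="tPinMenu" class="ui-icon ui-icon-pin-w">pin</span></div>';
@@ -772,7 +772,7 @@ EOF
 		echo '<div class="ui-layout-center">';
 		echo '	<div id="top-bar" style="width:100%">';
 		echo self::FilterXSS($sApplicationBanner);
-		echo '		<div id="global-search"><form action="'.utils::GetAbsoluteUrlAppRoot().'pages/UI.php"><table><tr><td></td><td id="g-search-input"><input type="text" name="text" value="'.self::FilterXSS($sText).'"'.$sOnClick.'/></td>';
+		echo '		<div id="global-search"><form action="'.utils::GetAbsoluteUrlAppRoot().'pages/UI.php"><table><tr><td></td><td id="g-search-input"><input type="text" name="text" value="'.$sText.'"'.$sOnClick.'/></td>';
 		echo '<td><input type="image" src="../images/searchBtn.png"/></a></td>';
 		echo '<td><a style="background:transparent;" href="'.$sOnlineHelpUrl.'" target="_blank"><img style="border:0;padding-left:20px;padding-right:10px;" title="'.Dict::S('UI:Help').'" src="../images/help.png"/></td>';
 		echo '<td style="padding-right:20px;padding-left:10px;">'.self::FilterXSS($sLogOffMenu).'</td><td><input type="hidden" name="operation" value="full_text"/></td></tr></table></form></div>';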
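Review bot: The third hunk drops the `self::FilterXSS()` wrapper around `$sText` in the global-search `value="..."` attribute, so unless `$sText` is already escaped where it is computed (outside this hunk) the search text is now written into the attribute raw, which is the opposite of what the rest of this commit does. Given the `name="text"` input and the `operation=full_text` form, this is presumably the user's own query being echoed back, so it should stay escaped the same way the title is in the first hunk: `... value="'.htmlentities($sText, ENT_QUOTES, 'UTF-8').'"'.$sOnClick.'/></td>';`. The enclosing method starts and ends outside the hunk.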

+ 1 - 1
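--- a/application/itopwizardwebpage.class.inc.php
+++ b/application/itopwizardwebpage.class.inc.php
@@ -48,7 +48,7 @@ class iTopWizardWebPage extends iTopWebPage
     		$sStyle = ($iIndex == $this->m_iCurrentStep) ? 'wizActiveStep' : 'wizStep';
     		$aSteps[] = "<div class=\"$sStyle\"><span>$sStepTitle</span></div>";
     	}
-    	$sWizardHeader = "<div class=\"wizHeader\"><h1>{$this->s_title}</h1>\n".implode("<div class=\"wizSeparator\"><img align=\"bottom\" src=\"../images/wizArrow.gif\"></div>", $aSteps)."<br style=\"clear:both;\"/></div>\n";
+    	$sWizardHeader = "<div class=\"wizHeader\"><h1>".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."</h1>\n".implode("<div class=\"wizSeparator\"><img align=\"bottom\" src=\"../images/wizArrow.gif\"></div>", $aSteps)."<br style=\"clear:both;\"/></div>\n";
     	$this->s_content = "$sWizardHeader<div class=\"wizContainer\">".$this->s_content."</div>";
     	parent::output();
 	}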
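Review bot: The new `$sWizardHeader` line escapes `s_title` but still implodes `$aSteps`, whose entries are built two lines above with `$sStepTitle` interpolated raw into the `<span>`; if step titles can carry the same kind of content as the page title, the header remains injectable through them. Where the entry is built (the loop opens outside the hunk) I would write `$aSteps[] = "<div class=\"$sStyle\"><span>".htmlentities($sStepTitle, ENT_QUOTES, 'UTF-8')."</span></div>";`. If step titles are fixed dictionary strings rather than data, a one-line comment saying so next to the loop would settle it. `output()` starts outside the hunk.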

+ 1 - 1
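--- a/application/webpage.class.inc.php
+++ b/application/webpage.class.inc.php
@@ -366,7 +366,7 @@ class WebPage
         echo "<html>\n";
         echo "<head>\n";
 		echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n";
-        echo "<title>{$this->s_title}</title>\n";
+        echo "<title>".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."</title>\n";
         echo $this->get_base_tag();
         foreach($this->a_linked_scripts as $s_script)
         {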
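Review bot: `htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')` returns an empty string when `s_title` is not valid UTF-8, so a title carrying a stray byte silently yields an empty `<title>`; the identical expression is repeated on the new lines of application/itopwebpage.class.inc.php, application/itopwizardwebpage.class.inc.php and setup/setuppage.class.inc.php. Since all four spell the escaping out by hand, a single protected helper on this base class (e.g. `GetEscapedTitle()`) would keep the rule in one place, and on PHP 5.4+ it could pass `ENT_QUOTES | ENT_SUBSTITUTE` so invalid bytes are replaced instead of blanking the whole title. `WebPage::output()` starts and ends outside the hunk.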

+ 1 - 1
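--- a/setup/setuppage.class.inc.php
+++ b/setup/setuppage.class.inc.php
@@ -245,7 +245,7 @@ h3.clickable.open {
 	
 	public function output()
 	{
-		$this->s_content = "<div id=\"header\"><h1><a href=\"http://www.combodo.com/itop\" target=\"_blank\"><img title=\"iTop by Combodo\" src=\"../images/itop-logo.png\"></a>&nbsp;{$this->s_title}</h1>\n</div><div id=\"setup\">{$this->s_content}\n</div>\n";
+		$this->s_content = "<div id=\"header\"><h1><a href=\"http://www.combodo.com/itop\" target=\"_blank\"><img title=\"iTop by Combodo\" src=\"../images/itop-logo.png\"></a>&nbsp;".htmlentities($this->s_title, ENT_QUOTES, 'UTF-8')."</h1>\n</div><div id=\"setup\">{$this->s_content}\n</div>\n";
 		return parent::output();
 	}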