Changeset 3297:10ef6e5a76d1

Timestamp:

08/03/16 17:38:39 (9 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Fix somes vulnerabilities in blogroll plugin, thanks Onur Yılmaz - Netsparker ( https://www.netsparker.com)

Files:

• CHANGELOG (modified) (1 diff)
• plugins/blogroll/edit.php (modified) (3 diffs)
• plugins/blogroll/index.php (modified) (3 diffs)

CHANGELOG

@@ -5 +5 @@
 * Security: Prevents sort of SSRF/XSPA vulnerability in feed import, thanks wiswat
 * Security: Prevents reflected XSS in meda manager, thanks Chen Ruiqi
+* Security: Fix somes vulnerabilities in blogroll plugin, thanks Onur Yılmaz - Netsparker (https://www.netsparker.com)
 * Fix mix-content preview
 * Pure CSS3 sticky footer for admin pages (aka « footer de merde »)

plugins/blogroll/edit.php

@@ -12 +12 @@
 if (!defined('DC_CONTEXT_ADMIN')) { return; }
 
-$id = $_REQUEST['id'];
+$id = html::escapeHTML($_REQUEST['id']);
 
 try {
@@ -33 +33 @@
 if (isset($rs) && !$rs->is_cat && !empty($_POST['edit_link']))
 {
-     $link_title = $_POST['link_title'];
-     $link_href = $_POST['link_href'];
-     $link_desc = $_POST['link_desc'];
-     $link_lang = $_POST['link_lang'];
+     $link_title = html::escapeHTML($_POST['link_title']);
+     $link_href = html::escapeHTML($_POST['link_href']);
+     $link_desc = html::escapeHTML($_POST['link_desc']);
+     $link_lang = html::escapeHTML($_POST['link_lang']);
 
      $link_xfn = '';
@@ -79 +79 @@
 if (isset($rs) && $rs->is_cat && !empty($_POST['edit_cat']))
 {
-     $link_desc = $_POST['link_desc'];
+     $link_desc = html::escapeHTML($_POST['link_desc']);
 
      try {

plugins/blogroll/index.php

@@ -59 +59 @@
 if (!empty($_POST['import_links_do'])) {
      foreach ($_POST['entries'] as $idx) {
-          $link_title = $_POST['title'][$idx];
-          $link_href  = $_POST['url'][$idx];
-          $link_desc  = $_POST['desc'][$idx];
+          $link_title = html::escapeHTML($_POST['title'][$idx]);
+          $link_href  = html::escapeHTML($_POST['url'][$idx]);
+          $link_desc  = html::escapeHTML($_POST['desc'][$idx]);
           try {
                $blogroll->addLink($link_title,$link_href,$link_desc,'');
@@ -82 +82 @@
 if (!empty($_POST['add_link']))
 {
-     $link_title = $_POST['link_title'];
-     $link_href = $_POST['link_href'];
-     $link_desc = $_POST['link_desc'];
-     $link_lang = $_POST['link_lang'];
+     $link_title = html::escapeHTML($_POST['link_title']);
+     $link_href = html::escapeHTML($_POST['link_href']);
+     $link_desc = html::escapeHTML($_POST['link_desc']);
+     $link_lang = html::escapeHTML($_POST['link_lang']);
 
      try {
@@ -101 +101 @@
 if (!empty($_POST['add_cat']))
 {
-     $cat_title = $_POST['cat_title'];
+     $cat_title = html::escapeHTML($_POST['cat_title']);
 
      try {