
Fix security issue with non-escaped HTML in options page

master
Mahmoud Al-Qudsi před 1 rokem
rodič
revize
c2a7360a3d

+ 1
- 1
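--- a/bootstrap.php
+++ b/bootstrap.php
@@ -55,7 +55,7 @@ class visitors_edits{
 			]);
 			global $post;
 			$new_content = str_replace("#post_link#", get_site_url().'/'.$post->post_name.'/suggestions', stripcslashes($options["propose_edit_link"]));
-			$content .= $new_content;	
+			$content .= $new_content;
 		}
 		return $content;
 	}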

+ 4
- 4
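--- a/inc/settings.php
+++ b/inc/settings.php
@@ -1,4 +1,4 @@
-<?php 
+<?php
 	$options=[];
 	if(isset($_POST["save_settings"])){
 		$options=[
@@ -8,7 +8,7 @@
 			"admin_notif_message"=>$_POST["admin_notif_message"],
 			"visitor_notif_message"=>$_POST["visitor_notif_message"],
 			"edit_notify_message"=>$_POST["edit_notify_message"],
-			"propose_edit_link"=>$_POST["propose_edit_link"]
+			"propose_edit_link"=>html_entity_decode($_POST["propose_edit_link"])
 		];
 		update_option( "visitors_edits_options", $options );
 		flashMessage("Settings saved.","");
@@ -29,7 +29,7 @@
 	<form action="" method="post">
 		<div class="control">
 			<label>Propose an edit link</label>
-			<input type="text" name="propose_edit_link" value="<?php echo stripcslashes($options['propose_edit_link']) ?>">
+			<input type="text" name="propose_edit_link" value="<?php echo htmlentities(stripcslashes($options['propose_edit_link'])) ?>">
 		</div>
 		<div class="control">
 			<label>Admin notification message</label>
@@ -68,4 +68,4 @@ function flashMessage($msg,$type){
     </div>
     <?php
 }
-?>
+?>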
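Review bot: The save path the new `html_entity_decode()` line sits in (`if(isset($_POST["save_settings"]))` straight into `update_option`) shows no nonce or capability check, so a cross-site POST from a logged-in admin's browser can write arbitrary HTML into `propose_edit_link`, which bootstrap.php then appends to front-end content unescaped — a stored XSS that this commit's output escaping on the options page does not cover. Unless the check lives outside these hunks, add `check_admin_referer('visitors_edits_save_settings');` as the first statement inside the `isset` block and `wp_nonce_field('visitors_edits_save_settings');` right after `<form action="" method="post">`. Separately, `htmlentities()` is adequate for this double-quoted attribute, but the WordPress idiom is `esc_attr(stripcslashes($options['propose_edit_link']))`, which escapes quotes consistently regardless of PHP version; and decoding entities on save means an admin who types a literal `&amp;` gets `&` stored, which deserves a comment if intended. Both the `if` block and the form begin or end outside the visible hunks.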

+ 0
- 0
vendor/caxy/php-htmldiff/.gitignore Zobrazit soubor


+ 0
- 0
vendor/caxy/php-htmldiff/.scrutinizer.yml Zobrazit soubor


+ 0
- 0
vendor/ezyang/htmlpurifier/plugins/phorum/.gitignore Zobrazit soubor

