
Fixed issue #16591: Lime Survey 4.3.10+200812 Stored Cross Site Scrip…
…ting (Survey Menu) (#1557)

Fixed issue #16591: Lime Survey 4.3.10+200812 Stored Cross Site Scripting (Survey Menu)
Fixed issue #16592: Lime Survey 4.3.10+200812 Stored Cross Site Scripting (User Details)
Fixed issue #16593: Lime Survey 4.3.10+200812 Stored Cross Site Scripting (UserName)
Fixed issue #16594: Lime Survey 4.3.10+200812 Stored Cross Site Scripting (Permission Roles)

Flattening everywhere
gabrieljenik committed Aug 19, 2020
1 parent 5ee728a commit 3712854
Showing 2 changed files with 12 additions and 1 deletion.
6 changes: 5 additions & 1 deletion application/controllers/UserManagementController.php
Expand Up @@ -109,6 +109,10 @@ public function actionApplyEdit()
}

$aUser = Yii::app()->request->getParam('User');
// Sanitize full name to prevent XSS attack
if (isset($aUser['full_name'])) {
$aUser['full_name'] = flattenText($aUser['full_name'], false, true);
}
$passwordTest = Yii::app()->request->getParam('password_repeat', false);
if (!empty($passwordTest)) {
if ($passwordTest !== $aUser['password']) {
Expand Down Expand Up @@ -181,7 +185,7 @@ public function actionRunAddDummyUser()
$times = App()->request->getParam('times', 5);
$passwordSize = (int) App()->request->getParam('passwordsize', 5);
$passwordSize = $passwordSize < 8 || is_nan($passwordSize) ? 8 : $passwordSize;
$prefix = App()->request->getParam('prefix', 'randuser_');
$prefix = flattenText(App()->request->getParam('prefix', 'randuser_'));
$email = App()->request->getParam('email', User::model()->findByPk(App()->user->id)->email);

$randomUsers = [];
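Review bot: The `flattenText($aUser['full_name'], false, true)` call in actionApplyEdit passes `true` as the third argument, which in common_helper's flattenText is the entity-decoding flag as far as I can tell; if decoding runs after tag stripping, an entity-encoded value such as `&lt;b&gt;` is stored as literal `<b>`, so the flattened value is not guaranteed markup-free and any view echoing full_name still has to encode it (`CHtml::encode`). The same `false, true` arguments are used for title and description in SurveymenuController::update below, while the `prefix` line in actionRunAddDummyUser calls flattenText with defaults, so the three new call sites disagree on whether entities are decoded; pick one and record the reason in the comment, e.g. `// flattenText strips tags only; views must still HTML-encode this field`. Write-time flattening also discards legitimate characters a user may put in a display name, which is a further reason to treat output encoding as the primary control and this as defence in depth. actionApplyEdit's body continues outside the hunk.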
7 changes: 7 additions & 0 deletions application/controllers/admin/SurveymenuController.php
Expand Up @@ -63,6 +63,13 @@ public function update($id = 0)
$success = false;
if (Yii::app()->request->isPostRequest) {
$aSurveymenu = Yii::app()->request->getPost('Surveymenu', []);
// Sanitize title and description to prevent XSS attack
if (isset($aSurveymenu['title'])) {
$aSurveymenu['title'] = flattenText($aSurveymenu['title'], false, true);
}
if (isset($aSurveymenu['description'])) {
$aSurveymenu['description'] = flattenText($aSurveymenu['description'], false, true);
}
if ($aSurveymenu['id'] == '') {
unset($aSurveymenu['id']);
$aSurveymenu['created_at'] = date('Y-m-d H:i:s');
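Review bot: The two guarded flattenText blocks for title and description in update are identical apart from the array key, so a loop over the field names keeps the list of sanitised Surveymenu columns in one place and makes it harder for a later field to be added to one branch but not the other. It also gives the existing comment a single natural home above the loop. update's body continues outside the hunk.
```php
$aSurveymenu = Yii::app()->request->getPost('Surveymenu', []);
// Sanitize title and description to prevent XSS attack
foreach (['title', 'description'] as $field) {
    if (isset($aSurveymenu[$field])) {
        $aSurveymenu[$field] = flattenText($aSurveymenu[$field], false, true);
    }
}
// … unchanged: id / created_at handling …
```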
