Fixed issue #8398: XSS issue in label sets administration and path/SQ…

…L revelation issue in usergroup administration Dev Partial fix
LimeSurvey · Nov 22, 2013 · 5788c57 · Shnoulle · Nov 22, 2013 · 5788c57
1 parent 5cb0e00
commit 5788c57
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/application/controllers/admin/usergroups.php b/application/controllers/admin/usergroups.php
@@ -174,13 +174,13 @@ public function add()
 
                 if (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) {
                     $db_group_name = $_POST['group_name'];
-                    $db_group_description = $_POST['group_description'];
-
+                    $db_group_name = flattenText($_POST['group_name'],false,true,'UTF-8',true);
+                
                     if (isset($db_group_name) && strlen($db_group_name) > 0) {
                         if (strlen($db_group_name) > 21) {
                             list($aViewUrls, $aData) = $this->index(false, array("type" => "warning", "message" => $clang->gT("Failed to add group! Group name length more than 20 characters.")));
                         }
-                        elseif (User_groups::model()->find("name='$db_group_name'")) {
+                        elseif (User_groups::model()->find("name=:groupName", array(':groupName'=>$db_group_name))) {
                             list($aViewUrls, $aData) = $this->index(false, array("type" => "warning", "message" => $clang->gT("Failed to add group! Group already exists.")));
                         }
                         else

diff --git a/application/helpers/admin/label_helper.php b/application/helpers/admin/label_helper.php
@@ -98,7 +98,7 @@ function insertlabelset()
     $clang = Yii::app()->lang;
 
     $postlanguageids=sanitize_languagecodeS(Yii::app()->getRequest()->getPost('languageids'));
-    $postlabel_name=Yii::app()->getRequest()->getPost('label_name');
+    $postlabel_name=flattenText(Yii::app()->getRequest()->getPost('label_name'),false,true,'UTF-8',true);
 
     $data = array(
     'label_name' => $postlabel_name,

diff --git a/application/views/admin/labels/labelsetsbar_view.php b/application/views/admin/labels/labelsetsbar_view.php
@@ -27,7 +27,7 @@
                         { ?>
                         <option value='<?php echo $this->createUrl("admin/labels/sa/view/lid/".$lb[0]); ?>'
                             <?php if ($lb[0] == $lid) { ?> selected='selected' <?php } ?>
-                            ><?php echo $lb[1]; ?></option>
+                            ><?php echo htmlspecialchars($lb[1],ENT_QUOTES); ?></option>
                         <?php }
                 } ?>