Skip to content

Commit

Permalink
Fixed issue #12234: [security] XSS in upload files
Browse files Browse the repository at this point in the history
  • Loading branch information
@Shnoulle
Shnoulle committed Mar 28, 2017
1 parent bfded0f commit 5abf08f
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 13 deletions.
12 changes: 6 additions & 6 deletions scripts/modaldialog.js
View file
Expand Up @@ -56,15 +56,15 @@ function openUploadModalDialog(){
});
});
}
$(window).resize(function() {
$(window).resize(function() {
setWidthUploader();
if(typeof $("iframe#uploader")[0]!=="undefined" && jQuery.isFunction($("iframe#uploader")[0].contentWindow.fixParentHeigth))
$("iframe#uploader")[0].contentWindow.fixParentHeigth();
});
/* Reset the position of the dialog (recenter) */
function resetUploaderPosition(){
$( "#uploader" ).dialog( "option", "position", $( "#uploader" ).dialog( "option", "position" ) );

}
/* Set the with of upload madal and uploader frame according to windows width */
function setWidthUploader(){
Expand Down Expand Up @@ -133,10 +133,10 @@ function displayUploadedFiles(jsonstring, filecount, fieldname, show_title, show
display += '<tr><td class="upload placeholder"><div class="upload-placeholder" /></td>';

if (show_title != 0)
display += '<td class="upload title">'+jsonobj[i].title+'</td>';
if (show_comment != 0)
display += '<td class="upload comment">'+jsonobj[i].comment+'</td>';
display +='<td class="upload edit">'+decodeURIComponent(jsonobj[i].name)+'</td><td>'+'<a class="upload-edit" onclick="javascript:upload_'+fieldname+'();$(\'#upload_'+fieldname+'\').click();">'+uploadLang.editFile+'</a></td></tr>';
display += '<td class="upload title">'+htmlspecialchars(jsonobj[i].title)+'</td>';
if (show_comment != 0)
display += '<td class="upload comment">'+htmlspecialchars(jsonobj[i].comment)+'</td>';
display +='<td class="upload edit">'+htmlspecialchars(decodeURIComponent(jsonobj[i].name))+'</td><td>'+'<a class="upload-edit" onclick="javascript:upload_'+fieldname+'();$(\'#upload_'+fieldname+'\').click();">'+uploadLang.editFile+'</a></td></tr>';
}
display += '</tbody></table>';

Expand Down
14 changes: 7 additions & 7 deletions scripts/uploader.js
View file
Expand Up @@ -40,9 +40,9 @@ function doFileUpload(){
previewblock += "<img src='"+uploadurl+"/filegetcontents/"+json[i-1].filename+"' onload='fixParentHeigth()' class='uploaded' />";
else
previewblock += "<div class='upload-placeholder' />";
previewblock += "<span class='file-name'>"+decodeURIComponent(json[i-1].name)+"</span>";
previewblock += "<span class='file-name'>"+escapeHtml(decodeURIComponent(json[i-1].name))+"</span>";
previewblock += "</div>";

if ($('#'+fieldname+'_show_title').val() == 1 || $('#'+fieldname+'_show_comment').val() == 1)
{
previewblock +="<div class='file-info'><fieldset>";
Expand Down Expand Up @@ -166,7 +166,7 @@ function doFileUpload(){
previewblock += "<img src='"+uploadurl+"/filegetcontents/"+decodeURIComponent(metadata.filename)+"' onload='fixParentHeigth()' class='uploaded' />";
else
previewblock += "<div class='upload-placeholder' />";
previewblock += "<span class='file-name'>"+decodeURIComponent(metadata.name)+"<span>";
previewblock += "<span class='file-name'>"+escapeHtml(decodeURIComponent(metadata.name))+"<span>";
previewblock += "</div>";

if ($('#'+fieldname+'_show_title').val() == 1 || $('#'+fieldname+'_show_comment').val() == 1)
Expand Down Expand Up @@ -215,7 +215,7 @@ function doFileUpload(){
$('#notice').html('<p class="error">'+metadata.msg+'</p>');
fixParentHeigth();
}

}
});

Expand Down Expand Up @@ -293,13 +293,13 @@ function deletefile(fieldname, count) {

var filecount = parseInt($('#'+fieldname+'_filecount').val());
var licount = parseInt($('#'+fieldname+'_licount').val());

$.ajax(
{
method: "POST",
url: uploadurl,
data: {
'delete': 1,
data: {
'delete': 1,
'fieldname': fieldname,
'filename' : filename,
'name' : name,
Expand Down

0 comments on commit 5abf08f

Please sign in to comment.