Fixed issue #17562: XSS injection in the 'File upload' question type …
…in LimeSurvey version 3.x-LTS (#2044)
gabrieljenik committed Sep 21, 2021
1 parent a5def8a commit d56619a
Showing 2 changed files with 8 additions and 2 deletions.
5 changes: 4 additions & 1 deletion assets/scripts/modaldialog.js
Expand Up @@ -103,7 +103,10 @@ function displayUploadedFiles(jsonstring, filecount, fieldname, show_title, show

if (jsonstring !== '')
{
jsonobj = eval('(' + jsonstring + ')');
var jsonobj = '';
try{
jsonobj = JSON.parse(jsonstring);
} catch(e) {}
display = '<table width="100%" class="question uploadedfiles"><thead><tr><td width="20%">&nbsp;</td>';
if (show_title != 0)
display += '<th>'+uploadLang.headTitle+'</th>';
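Review bot: The empty `catch(e) {}` added after the `JSON.parse` call swallows a malformed field value silently and leaves `jsonobj` as the string `''` from the new initialiser, so the rest of displayUploadedFiles (which continues past the hunk) proceeds with a string where it previously received the parsed object; the uploader.js hunk in this commit has the same pattern. Replacing `eval` with `JSON.parse` closes the code-execution path, but a parse failure should at least leave a trace: `} catch (e) { if (window.console) { console.warn('displayUploadedFiles: could not parse file list for ' + fieldname); } }` keeps the best-effort behaviour without hiding the failure. It would also help to initialise `jsonobj` to the empty shape the code below expects (presumably an array, given `filecount`, but that is not visible in the hunk) rather than `''`. Since the commit treats the field value as attacker-influenced, the values later read out of `jsonobj` are untrusted too, and the `display` markup on the following lines is built by string concatenation, so each such value still needs HTML-escaping wherever it is concatenated in.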
5 changes: 4 additions & 1 deletion assets/scripts/uploader.js
Expand Up @@ -38,7 +38,10 @@ function doFileUpload()
if (filecount > 0)
{
var jsontext = window.parent.window.$('#' + fieldname).val();
var json = eval('(' + jsontext + ')');
var json = '';
try{
json = JSON.parse(jsontext);
} catch(e) {}
if ($('#field' + fieldname + '_listfiles').length == 0)
{
$("<ul id='field" + fieldname + "_listfiles' class='files-list' />").insertAfter("#uploadstatus");
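Review bot: `JSON.parse` accepts any JSON value, so after the new lines `json` can be a number, string or `null` (a field value of `5` or `null` parses without error) as well as the structure doFileUpload expects, and nothing checks the shape before the code that follows the hunk uses it. Guarding the type right after the parse keeps the rest of the function on the path it was written for: `if (!json || typeof json !== 'object') { json = ''; }` — `''` only because that is the sentinel the new initialiser already chose; `[]` or `null` would be clearer if the consumer outside the hunk is an array loop. The `jsontext` value comes from `window.parent.window.$('#' + fieldname).val()` on the unchanged line above, so the parent-frame field rather than this script is the trust boundary for that content, which is worth stating in a one-line comment next to the parse. doFileUpload starts and ends outside the hunk.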

1 comment on commit d56619a

@TrixProduction


an eval? wow
