Fixed issue: possible cross-site scripting in template editor
LouisGac committed Dec 13, 2016
1 parent f6c991c commit ecc649e
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions application/controllers/admin/templates.php
Expand Up @@ -79,6 +79,7 @@ public function templatezip($templatename)
*/
public function tmp($id)
{
$id = (int) $id;
$iTime= preg_replace("/[^0-9]$/", '', $id);
$sFile = Yii::app()->getConfig("tempdir").DIRECTORY_SEPARATOR."template_temp_{$iTime}.html";

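Review bot: with `$id = (int) $id;` in place, the `preg_replace("/[^0-9]$/", '', $id)` on the following line is dead code, and it was never a real sanitiser: the pattern is anchored with `$` and has no quantifier, so it strips at most one trailing non-digit character and leaves everything before it (for example `../x`) untouched; after the cast there is no non-digit left to strip anyway. Suggest deleting the preg_replace and building the path from the cast value directly, e.g. `$sFile = Yii::app()->getConfig("tempdir").DIRECTORY_SEPARATOR."template_temp_{$id}.html";`. The value this hunk protects ends up in a filesystem path ($sFile), not in HTML, so the commit message's "cross-site scripting" understates what the cast actually fixes; it would be worth saying so in the message.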

3 comments on commit ecc649e

@Shnoulle (Collaborator) commented on ecc649e Dec 14, 2016

We already do $id = CHtml::encode($id); just a few lines after (and the preg_replace is buggy: remove it).

@LouisGac (Contributor)

Still reported as a problem by a client's security script.

@Shnoulle (Collaborator)

Yes, but it seems the major issue is $sFile :). preg_replace is totally broken here and can be removed (like the encode after).
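The behaviour the thread argues about, as an added example that is not code from the LimeSurvey repository: the preg_replace that Shnoulle calls broken, run side by side with the (int) cast this commit adds, over a few constructed inputs, and the $sFile-style path each one produces. The temp directory value is an assumption standing in for getConfig("tempdir"); the file-name template mirrors the one in tmp().

```php
<?php
// Added example (not LimeSurvey code): why preg_replace("/[^0-9]$/", '', $id)
// is not a sanitiser, and what the (int) cast from commit ecc649e does instead.

// The pre-commit filter. The pattern is anchored with "$" and has no
// quantifier, so at most ONE trailing non-digit character is removed;
// everything before it survives untouched.
function filterWithPregReplace(string $id): string
{
    return preg_replace("/[^0-9]$/", '', $id);
}

// The filter added by this commit: PHP's integer cast keeps only a leading
// numeric prefix (or yields 0), so no path or markup characters survive.
function filterWithIntCast(string $id): int
{
    return (int) $id;
}

// Same construction as $sFile in tmp(); $tempdir is an assumed value.
function tempFilePath(string $tempdir, $iTime): string
{
    return $tempdir . DIRECTORY_SEPARATOR . "template_temp_{$iTime}.html";
}

$tempdir = '/var/www/limesurvey/tmp'; // assumption, stands in for getConfig("tempdir")

// Constructed inputs: a benign id, a trailing junk character, markup,
// and path traversal.
$inputs = ['1234', '1234x', '1234<script>', '../../etc/passwd'];

foreach ($inputs as $raw) {
    $viaRegex = filterWithPregReplace($raw);
    $viaCast  = filterWithIntCast($raw);
    printf("input %-20s preg_replace -> %-20s (int) -> %d\n",
        json_encode($raw, JSON_UNESCAPED_SLASHES),
        json_encode($viaRegex, JSON_UNESCAPED_SLASHES),
        $viaCast);
    printf("    path with preg_replace: %s\n", tempFilePath($tempdir, $viaRegex));
    printf("    path with (int) cast:   %s\n", tempFilePath($tempdir, $viaCast));
}
```

Run it with `php example.php`. The preg_replace column only ever loses the last character ("1234<script>" becomes "1234<script", "../../etc/passwd" becomes "../../etc/passw"), so both the markup and the traversal reach the constructed path; the (int) column is 1234 for the first three inputs and 0 for the traversal, which is why the cast is the line that actually fixes $sFile and the regex can go.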
