

fix: [security] Fix persistent xss via discussion links via javascrip…
…t:// links

- low impact as it requires user interaction to trigger

- as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com)
iglocska committed May 7, 2019
1 parent b082544 commit 3a085a6
Showing 1 changed file with 8 additions and 4 deletions.
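--- a/app/View/Helper/CommandHelper.php
+++ b/app/View/Helper/CommandHelper.php
@@ -68,10 +68,14 @@ private function __handleLinks(&$string, $trigger) {
 $replacement = '%MALFORMED URL%';
 } else {
 if (filter_var(str_replace('$1', $data, $this->__replacement[$trigger]['url']), FILTER_VALIDATE_URL)) {
-$replacement = $this->Html->link(
-str_replace('$1', $data, $this->__replacement[$trigger]['text']),
-str_replace('$1', $data, $this->__replacement[$trigger]['url'])
-);
+if (substr($data, 0, 7) === 'http://' || substr($data, 0, 8) === 'https://') {
+$replacement = $this->Html->link(
+str_replace('$1', $data, $this->__replacement[$trigger]['text']),
+str_replace('$1', $data, $this->__replacement[$trigger]['url'])
+);
+} else {
+$replacement = '%MALFORMED URL%';
+}
 } else {
 $replacement = '%MALFORMED URL%';
 }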
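Review bot: The added scheme check on the first `+` line inspects `$data`, but the value that ends up in the href is the template-substituted URL built by `str_replace('$1', $data, $this->__replacement[$trigger]['url'])`, which is also what `FILTER_VALIDATE_URL` validates one line above; the two only coincide when the trigger's url template is exactly `$1`, which I cannot confirm from the hunk. Validating the scheme of the final URL with a strict allowlist (`parse_url($url, PHP_URL_SCHEME)` compared against `http`/`https` with `in_array(..., true)`) makes the check apply to the string actually rendered, and it also lets the three duplicated `'%MALFORMED URL%'` branches collapse into one. The prefix compare is case-sensitive, so a URL like `HTTP://...` that passes `filter_var` is rejected here, which is fail-closed but worth a comment if intended. `__handleLinks` begins at the `@@` context line and its body continues past the end of the hunk.

```php
// … unchanged: '%MALFORMED URL%' branch for the malformed-data case …
} else {
    $url = str_replace('$1', $data, $this->__replacement[$trigger]['url']);
    // Allowlist the scheme of the URL that is actually rendered, not of the raw capture.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) && in_array($scheme, ['http', 'https'], true)) {
        $replacement = $this->Html->link(
            str_replace('$1', $data, $this->__replacement[$trigger]['text']),
            $url
        );
    } else {
        $replacement = '%MALFORMED URL%';
    }
// … unchanged: remainder of __handleLinks …
```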

