SECURITY: Fix XSS vulnerability when viewing directories.

Discovered by: An anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure program <http://www.beyondsecurity.com/ssd.html>
horde · Aug 6, 2015 · 764de60 · 764de60
1 parent a617fcd
commit 764de60
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/gollem/lib/Gollem.php b/gollem/lib/Gollem.php
@@ -694,7 +694,7 @@ public static function directoryNavLink($currdir, $url)
                     if ($i == $parts_count) {
                         $label[] = $parts[($i - 1)];
                     } else {
-                        $label[] = Horde::link($url->add('dir', $dir), sprintf(_("Up to %s"), $dir)) . $parts[($i - 1)] . '</a>';
+                        $label[] = Horde::link($url->add('dir', $dir), sprintf(_("Up to %s"), $dir)) . htmlspecialchars($parts[($i - 1)]) . '</a>';
                     }
                 }
             }

diff --git a/gollem/templates/manager.html.php b/gollem/templates/manager.html.php
@@ -39,7 +39,7 @@
 <input type="hidden" id="old_names" name="old_names" value="" />
 <input type="hidden" id="renamefrm_oldname" name="oldname" value="" />
 <input type="hidden" id="chmod" name="chmod" value="" />
-<input type="hidden" id="dir" name="dir" value="<?php echo $this->dir ?>" />
+<input type="hidden" id="dir" name="dir" value="<?php echo htmlspecialchars($this->dir) ?>" />
 <input type="hidden" name="targetFolder" value="" />
 
 <div class="header">