Fix XSS in install.php
This vulnerability (CVE-2014-9571) was reported by High-Tech Bridge
Security Research Lab (https://www.htbridge.com/) in issue #17937
(advisory ID HTB23243).

The parameters are now properly sanitized before being displayed.

Fixes #17938
dregad committed Jan 9, 2015
1 parent 69c2d28 commit 6d47c04
Showing 1 changed file with 21 additions and 21 deletions.
42 changes: 21 additions & 21 deletions admin/install.php
Expand Up @@ -355,7 +355,7 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
# due to a bug in ADODB, this call prompts warnings, hence the @
# the check only works on mysql if the database is open
$t_version_info = @$g_db->ServerInfo();
echo '<br /> Running ' . $f_db_type . ' version ' . $t_version_info['description'];
echo '<br /> Running ' . string_attribute( $f_db_type ) . ' version ' . $t_version_info['description'];
?>
</td>
<?php
Expand Down Expand Up @@ -444,7 +444,7 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
Hostname (for Database Server)
</td>
<td>
<input name="hostname" type="textbox" value="<?php echo $f_hostname?>"></input>
<input name="hostname" type="textbox" value="<?php echo string_attribute( $f_hostname ) ?>"></input>
</td>
</tr>
<?php
Expand All @@ -456,7 +456,7 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
Username (for Database)
</td>
<td>
<input name="db_username" type="textbox" value="<?php echo $f_db_username?>"></input>
<input name="db_username" type="textbox" value="<?php echo string_attribute( $f_db_username ) ?>"></input>
</td>
</tr>
<?php
Expand All @@ -480,7 +480,7 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
Database name (for Database)
</td>
<td>
<input name="database_name" type="textbox" value="<?php echo $f_database_name?>"></input>
<input name="database_name" type="textbox" value="<?php echo string_attribute( $f_database_name ) ?>"></input>
</td>
</tr>
<?php
Expand All @@ -491,7 +491,7 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
Admin Username (to <?php echo( !$g_database_upgrade ) ? 'create Database' : 'update Database'?> if required)
</td>
<td>
<input name="admin_username" type="textbox" value="<?php echo $f_admin_username?>"></input>
<input name="admin_username" type="textbox" value="<?php echo string_attribute( $f_admin_username ) ?>"></input>
</td>
</tr>

Expand All @@ -500,7 +500,7 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
Admin Password (to <?php echo( !$g_database_upgrade ) ? 'create Database' : 'update Database'?> if required)
</td>
<td>
<input name="admin_password" type="password" value="<?php echo $f_admin_password?>"></input>
<input name="admin_password" type="password" value="<?php echo string_attribute( $f_admin_password ) ?>"></input>
</td>
</tr>

Expand Down Expand Up @@ -754,13 +754,13 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
/** @todo to be written */
// must post data gathered to preserve it
?>
<input name="hostname" type="hidden" value="<?php echo $f_hostname?>"></input>
<input name="db_type" type="hidden" value="<?php echo $f_db_type?>"></input>
<input name="database_name" type="hidden" value="<?php echo $f_database_name?>"></input>
<input name="db_username" type="hidden" value="<?php echo $f_db_username?>"></input>
<input name="db_password" type="hidden" value="<?php echo $f_db_password?>"></input>
<input name="admin_username" type="hidden" value="<?php echo $f_admin_username?>"></input>
<input name="admin_password" type="hidden" value="<?php echo $f_admin_password?>"></input>
<input name="hostname" type="hidden" value="<?php echo string_attribute( $f_hostname ) ?>"></input>
<input name="db_type" type="hidden" value="<?php echo string_attribute( $f_db_type ) ?>"></input>
<input name="database_name" type="hidden" value="<?php echo string_attribute( $f_database_name ) ?>"></input>
<input name="db_username" type="hidden" value="<?php echo string_attribute( $f_db_username ) ?>"></input>
<input name="db_password" type="hidden" value="<?php echo string_attribute( $f_db_password ) ?>"></input>
<input name="admin_username" type="hidden" value="<?php echo string_attribute( $f_admin_username ) ?>"></input>
<input name="admin_password" type="hidden" value="<?php echo string_attribute( $f_admin_password ) ?>"></input>
<input name="log_queries" type="hidden" value="<?php echo( $f_log_queries ? 1 : 0 )?>"></input>
<input name="db_exists" type="hidden" value="<?php echo( $f_db_exists ? 1 : 0 )?>"></input>
<?php
Expand Down Expand Up @@ -986,14 +986,14 @@ function print_test( $p_test_description, $p_result, $p_hard_fail = true, $p_mes
<tr>
<td bgcolor="#ffffff">Please correct failed checks</td>
<td bgcolor="#ffffff">
<input name="install" type="hidden" value="<?php echo $t_install_state?>"></input>
<input name="hostname" type="hidden" value="<?php echo $f_hostname?>"></input>
<input name="db_type" type="hidden" value="<?php echo $f_db_type?>"></input>
<input name="database_name" type="hidden" value="<?php echo $f_database_name?>"></input>
<input name="db_username" type="hidden" value="<?php echo $f_db_username?>"></input>
<input name="db_password" type="hidden" value="<?php echo $f_db_password?>"></input>
<input name="admin_username" type="hidden" value="<?php echo $f_admin_username?>"></input>
<input name="admin_password" type="hidden" value="<?php echo $f_admin_password?>"></input>
<input name="install" type="hidden" value="<?php echo $t_install_state ?>"></input>
<input name="hostname" type="hidden" value="<?php echo string_attribute( $f_hostname ) ?>"></input>
<input name="db_type" type="hidden" value="<?php echo string_attribute( $f_db_type ) ?>"></input>
<input name="database_name" type="hidden" value="<?php echo string_attribute( $f_database_name ) ?>"></input>
<input name="db_username" type="hidden" value="<?php echo string_attribute( $f_db_username ) ?>"></input>
<input name="db_password" type="hidden" value="<?php echo string_attribute( $f_db_password ) ?>"></input>
<input name="admin_username" type="hidden" value="<?php echo string_attribute( $f_admin_username ) ?>"></input>
<input name="admin_password" type="hidden" value="<?php echo string_attribute( $f_admin_password ) ?>"></input>
<input name="log_queries" type="hidden" value="<?php echo( $f_log_queries ? 1 : 0 )?>"></input>
<input name="db_exists" type="hidden" value="<?php echo( $f_db_exists ? 1 : 0 )?>"></input>
<input name="retry" type="submit" class="button" value="Retry"></input>
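Review bot: In the first hunk the rewritten echo escapes `$f_db_type` but still concatenates `$t_version_info['description']` into the page unescaped; that string is returned by `$g_db->ServerInfo()`, so it depends on whichever database server the installer was pointed at and should be escaped as well: `echo '<br /> Running ' . string_attribute( $f_db_type ) . ' version ' . string_attribute( $t_version_info['description'] );`. In the last hunk `$t_install_state` is likewise still echoed raw into a `value` attribute; its origin is outside the visible lines, so confirm it is integer-typed or escape it too. Separately, escaping does not change the fact that `db_password` and `admin_password` are written back into `value` attributes (the password input and both hidden-field blocks), so the credentials remain in the returned HTML; a comment documenting that, or not re-echoing the value of the password input, would be worth considering. The code around every hunk starts and ends outside the visible lines.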
