Issue #12312: Provide patch for NuSOAP XSS fix and update README.libs
davidhicks committed Sep 2, 2010
1 parent 6b2e715 commit bce955c
Showing 2 changed files with 120 additions and 1 deletion.
2 changes: 1 addition & 1 deletion library/README.libs
@@ -7,7 +7,7 @@ directory | project | version | status
adodb | adodb | 5.10 | patched: various, see git
disposable | disposable | 1.1.0 | unpatched
ezc | ez Components | 2009.2.1 | unpatched
nusoap | nusoap | 0.9.5 | unpatched
nusoap | nusoap | 0.9.5 | patched: XSS vulnerabilities as per #12312
phpmailer | PHPMailer | 5.1 | unpatched
projax | projax | | unpatched
rssbuilder | RSSBuilder | 2.2.1 | patched: removed __autoload function
@@ -0,0 +1,119 @@
From edb817991b99cd5538f102be26865fde7c6b7212 Mon Sep 17 00:00:00 2001
From: David Hicks <hickseydr@optusnet.com.au>
Date: Thu, 2 Sep 2010 21:51:21 +1000
Subject: [PATCH] Fix #12312: NuSOAP web description XSS vulnerability

Bogdan Calin from Acunetix discovered a number of XSS vulnerabilities in
NuSOAP 0.9.5 (bundled with MantisBT) relating to improperly escaped
URLs.

A sample exploit URL is:
/api/soap/mantisconnect.php?1<ScRiPt>prompt(923395)</ScRiPt>

The upstream report for these XSS flaws in NuSOAP is located at the
following URL:
http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005

This patch provides an interim fix for MantisBT users until upstream
makes a new release.
---
library/nusoap/class.wsdl.php | 16 ++++++++--------
library/nusoap/nusoap.php | 14 +++++++-------
2 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/library/nusoap/class.wsdl.php b/library/nusoap/class.wsdl.php
index 6d2a693..7dcc307 100644
--- a/library/nusoap/class.wsdl.php
+++ b/library/nusoap/class.wsdl.php
@@ -842,9 +842,9 @@ class wsdl extends nusoap_base {
<body>
<div class=content>
<br><br>
- <div class=title>'.$this->serviceName.'</div>
+ <div class=title>'.htmlentities($this->serviceName).'</div>
<div class=nav>
- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
+ <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
Click on an operation name to view it&apos;s details.</p>
<ul>';
foreach($this->getOperations() as $op => $data){
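Review bot: The new `htmlentities()` calls on the title and the `href` rely on the function's default flags and charset, which depend on the PHP version; before PHP 8.1 the default leaves single quotes unescaped. That is enough for the two sinks in this hunk (element content and a double-quoted attribute), but it is fragile in a template whose neighbouring lines use single-quoted attributes, so I would spell it out as `htmlspecialchars($PHP_SELF, ENT_QUOTES, 'UTF-8')`, using whatever charset the page is actually served in. The `foreach` body that opens on the hunk's last line lies outside the hunk, so whether `$op` is escaped where it is emitted cannot be confirmed from here and is worth checking before calling the page fixed. The same applies to the identical hunk for `library/nusoap/nusoap.php` (-5424).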
@@ -854,21 +854,21 @@ class wsdl extends nusoap_base {
<a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
foreach($data as $donnie => $marie){ // loop through opdata
if($donnie == 'input' || $donnie == 'output'){ // show input/output data
- $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
+ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
foreach($marie as $captain => $tenille){ // loop through data
if($captain == 'parts'){ // loop thru parts
- $b .= "&nbsp;&nbsp;$captain:<br>";
+ $b .= "&nbsp;&nbsp;".htmlentities($captain).":<br>";
//if(is_array($tenille)){
foreach($tenille as $joanie => $chachi){
- $b .= "&nbsp;&nbsp;&nbsp;&nbsp;$joanie: $chachi<br>";
+ $b .= "&nbsp;&nbsp;&nbsp;&nbsp;".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
}
//}
} else {
- $b .= "&nbsp;&nbsp;$captain: $tenille<br>";
+ $b .= "&nbsp;&nbsp;".htmlentities($captain).": ".htmlentities($tenille)."<br>";
}
}
} else {
- $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
+ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
}
}
$b .= '</div>';
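Review bot: `htmlentities($tenille)` and `htmlentities($marie)` in the two `else` branches receive whatever the operation data holds, and nothing in the visible lines guarantees a string there (the sibling branches iterate the same variables as arrays). The old interpolation rendered a non-string as text, whereas `htmlentities()` given an array raises a warning and returns null on PHP 5 and throws a TypeError on PHP 8, so a guard such as `is_scalar($marie) ? htmlentities($marie) : ''` would keep the output stable. Because the escaping is repeated call by call here and again in the duplicated hunk for `library/nusoap/nusoap.php` (-5436), a one-line comment above the loop, e.g. `// every value written into $b below must be HTML-escaped`, would help keep the two copies in step. The enclosing method starts and ends outside the hunk.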
@@ -1935,4 +1935,4 @@ class wsdl extends nusoap_base {
}
}

-?>
\ No newline at end of file
+?>
diff --git a/library/nusoap/nusoap.php b/library/nusoap/nusoap.php
index 4973532..10750aa 100644
--- a/library/nusoap/nusoap.php
+++ b/library/nusoap/nusoap.php
@@ -5424,9 +5424,9 @@ class wsdl extends nusoap_base {
<body>
<div class=content>
<br><br>
- <div class=title>'.$this->serviceName.'</div>
+ <div class=title>'.htmlentities($this->serviceName).'</div>
<div class=nav>
- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
+ <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
Click on an operation name to view it&apos;s details.</p>
<ul>';
foreach($this->getOperations() as $op => $data){
@@ -5436,21 +5436,21 @@ class wsdl extends nusoap_base {
<a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
foreach($data as $donnie => $marie){ // loop through opdata
if($donnie == 'input' || $donnie == 'output'){ // show input/output data
- $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
+ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
foreach($marie as $captain => $tenille){ // loop through data
if($captain == 'parts'){ // loop thru parts
- $b .= "&nbsp;&nbsp;$captain:<br>";
+ $b .= "&nbsp;&nbsp;".htmlentities($captain).":<br>";
//if(is_array($tenille)){
foreach($tenille as $joanie => $chachi){
- $b .= "&nbsp;&nbsp;&nbsp;&nbsp;$joanie: $chachi<br>";
+ $b .= "&nbsp;&nbsp;&nbsp;&nbsp;".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
}
//}
} else {
- $b .= "&nbsp;&nbsp;$captain: $tenille<br>";
+ $b .= "&nbsp;&nbsp;".htmlentities($captain).": ".htmlentities($tenille)."<br>";
}
}
} else {
- $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
+ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
}
}
$b .= '</div>';
--
1.7.2.2
