Issue #12312: Provide patch for NuSOAP XSS fix and update README.libs
1 parent
edb8179
commit c4f0d68
Showing
2 changed files
with
120 additions
and
1 deletion.
119 changes: 119 additions & 0 deletions
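--- /dev/null
+++ b/library/nusoap/0001-Fix-12312-NuSOAP-web-description-XSS-vulnerability.patch
@@ -0,0 +1,119 @@
+From edb817991b99cd5538f102be26865fde7c6b7212 Mon Sep 17 00:00:00 2001
+From: David Hicks <hickseydr@optusnet.com.au>
+Date: Thu, 2 Sep 2010 21:51:21 +1000
+Subject: [PATCH] Fix #12312: NuSOAP web description XSS vulnerability
+
+Bogdan Calin from Acunetix discovered a number of XSS vulnerabilities in
+NuSOAP 0.9.5 (bundled with MantisBT) relating to improperly escaped
+URLs.
+
+A sample exploit URL is:
+/api/soap/mantisconnect.php?1<ScRiPt>prompt(923395)</ScRiPt>
+
+The upstream report for these XSS flaws in NuSOAP is located at the
+following URL:
+http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005
+
+This patch provides an interim fix for MantisBT users until upstream
+makes a new release.
+---
+library/nusoap/class.wsdl.php | 16 ++++++++--------
+library/nusoap/nusoap.php | 14 +++++++-------
+2 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/library/nusoap/class.wsdl.php b/library/nusoap/class.wsdl.php
+index 6d2a693..7dcc307 100644
+--- a/library/nusoap/class.wsdl.php
++++ b/library/nusoap/class.wsdl.php
+@@ -842,9 +842,9 @@ class wsdl extends nusoap_base {
+<body>
+<div class=content>
+<br><br>
+- <div class=title>'.$this->serviceName.'</div>
++ <div class=title>'.htmlentities($this->serviceName).'</div>
+<div class=nav>
+- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
++ <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
+Click on an operation name to view it's details.</p>
+<ul>';
+foreach($this->getOperations() as $op => $data){
+@@ -854,21 +854,21 @@ class wsdl extends nusoap_base {
+<a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
+foreach($data as $donnie => $marie){ // loop through opdata
+if($donnie == 'input' || $donnie == 'output'){ // show input/output data
+- $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
+foreach($marie as $captain => $tenille){ // loop through data
+if($captain == 'parts'){ // loop thru parts
+- $b .= " $captain:<br>";
++ $b .= " ".htmlentities($captain).":<br>";
+//if(is_array($tenille)){
+foreach($tenille as $joanie => $chachi){
+- $b .= " $joanie: $chachi<br>";
++ $b .= " ".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
+}
+//}
+} else {
+- $b .= " $captain: $tenille<br>";
++ $b .= " ".htmlentities($captain).": ".htmlentities($tenille)."<br>";
+}
+}
+} else {
+- $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
+}
+}
+$b .= '</div>';
+@@ -1935,4 +1935,4 @@ class wsdl extends nusoap_base {
+}
+}
+
+-?>
+\ No newline at end of file
++?>
+diff --git a/library/nusoap/nusoap.php b/library/nusoap/nusoap.php
+index 4973532..10750aa 100644
+--- a/library/nusoap/nusoap.php
++++ b/library/nusoap/nusoap.php
+@@ -5424,9 +5424,9 @@ class wsdl extends nusoap_base {
+<body>
+<div class=content>
+<br><br>
+- <div class=title>'.$this->serviceName.'</div>
++ <div class=title>'.htmlentities($this->serviceName).'</div>
+<div class=nav>
+- <p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
++ <p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
+Click on an operation name to view it's details.</p>
+<ul>';
+foreach($this->getOperations() as $op => $data){
+@@ -5436,21 +5436,21 @@ class wsdl extends nusoap_base {
+<a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
+foreach($data as $donnie => $marie){ // loop through opdata
+if($donnie == 'input' || $donnie == 'output'){ // show input/output data
+- $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
+foreach($marie as $captain => $tenille){ // loop through data
+if($captain == 'parts'){ // loop thru parts
+- $b .= " $captain:<br>";
++ $b .= " ".htmlentities($captain).":<br>";
+//if(is_array($tenille)){
+foreach($tenille as $joanie => $chachi){
+- $b .= " $joanie: $chachi<br>";
++ $b .= " ".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
+}
+//}
+} else {
+- $b .= " $captain: $tenille<br>";
++ $b .= " ".htmlentities($captain).": ".htmlentities($tenille)."<br>";
+}
+}
+} else {
+- $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
++ $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
+}
+}
+$b .= '</div>';
+--
+1.7.2.2
+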
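Review bot: Every new escaping call in both files is `htmlentities()` with default flags, which means ENT_COMPAT (single quotes are left alone) and a charset that depends on the PHP version (ISO-8859-1 before 5.4), and on invalid input for that charset the function returns an empty string rather than an escaped one; pinning the context and charset with `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` at each changed line would make the fix independent of runtime configuration. For the contexts actually visible in the hunks — text nodes and the double-quoted `href="…?wsdl"` attribute — the default flags are sufficient, but the three lines between the two hunks (right after `foreach($this->getOperations() as $op => $data){`), where the operation name `$op` is presumably emitted into the `<li>` markup and an inline event handler, are not part of this patch and should be checked, because HTML entity encoding does not neutralise a value placed inside a JavaScript string literal. `$PHP_SELF` is assigned before the first hunk and outside this patch, so its source should be confirmed to be `$_SERVER['PHP_SELF']` (or better, `htmlspecialchars` applied at assignment) rather than a register_globals-derived value. The same `webDescription` body is patched twice (class.wsdl.php and the bundled nusoap.php), so any follow-up change must be mirrored in both copies; the enclosing method starts and ends outside every hunk shown.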