
Security Fix for Cross-site Scripting (XSS) - huntr.dev #4543

Closed
wants to merge 9 commits into from
7 changes: 3 additions & 4 deletions app/Helpers/AuditLogHelper.php
Expand Up @@ -31,17 +31,16 @@ public static function getCollectionOfAuditForSettings($logs): Collection
'logs.settings_log_'.$log->action.'_with_name_with_link',
[
'link' => '/people/'.$contact->hashId(),
'name' => $contact->name,
'name' => htmlentities($contact->name, ENT_QUOTES, 'utf-8'),
]
);
} catch (ModelNotFoundException $e) {
// the contact doesn't exist anymore, we don't need a link, we'll only display a name
$description = trans('logs.settings_log_'.$log->action.'_with_name', ['name' => $log->object->{'contact_name'}]);
$description = trans('logs.settings_log_'.$log->action.'_with_name', ['name' => htmlentities($log->object->{'contact_name'}, ENT_QUOTES, 'utf-8')]);
}
} else {
$description = trans('logs.settings_log_'.$log->action, ['name' => $log->object->{'name'}]);
$description = trans('logs.settings_log_'.$log->action, ['name' => htmlentities($log->object->{'name'}, ENT_QUOTES, 'utf-8')]);
}

$logsCollection->push([
'author_name' => ($log->author) ? $log->author->name : $log->author_name,
'description' => $description,
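Review bot: `htmlentities()` is called here without `ENT_SUBSTITUTE`, so a contact name containing an invalid UTF-8 sequence yields an empty string and the audit line silently loses its name; `htmlentities($contact->name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (and the same flags on the two other `trans()` calls in this hunk) keeps the text. The encoding is also done here in the helper rather than at the output point, so if the description is later rendered with Blade's `{{ }}` it is escaped twice and `&amp;` shows up literally — worth confirming the consuming view uses `{!! !!}`. `author_name` pushed just below is left raw while `name` is encoded; if both reach the same raw-output sink the treatment should match. `getCollectionOfAuditForSettings` starts and ends outside the hunk.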
4 changes: 2 additions & 2 deletions app/Http/Controllers/JournalController.php
Expand Up @@ -160,7 +160,7 @@ public function save(Request $request)

$entry = new Entry;
$entry->account_id = $request->user()->account_id;
$entry->post = $request->input('entry');
$entry->post = htmlentities($request->input('entry'), ENT_QUOTES, 'utf-8');

if ($request->input('title') != '') {
$entry->title = $request->input('title');
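Review bot: `$entry->post` is now stored HTML-encoded (`htmlentities` runs before the assignment), so the escaping becomes part of the persisted data: any consumer that applies Blade's `{{ }}` escaping, exports the entry as JSON, or sends it by mail will see `&amp;`/`&lt;` literally, and the same applies to the `update` hunk below. Without `ENT_SUBSTITUTE`, an entry containing an invalid UTF-8 sequence is also silently replaced by an empty string. `title`, assigned two lines later from the same request, stays raw, so the two fields now arrive at the view with different escaping needs. The usual shape is to keep the stored value raw, `$entry->post = $request->input('entry');`, and escape in the template where the HTML context is known. `save` continues outside the hunk.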
Expand Down Expand Up @@ -206,7 +206,7 @@ public function update(Request $request, Entry $entry)
->withErrors($validator);
}

$entry->post = $request->input('entry');
$entry->post = htmlentities($request->input('entry'), ENT_QUOTES, 'utf-8');

if ($request->input('title') != '') {
$entry->title = $request->input('title');
1 change: 1 addition & 0 deletions app/Http/Kernel.php
Expand Up @@ -19,6 +19,7 @@ class Kernel extends HttpKernel
\Illuminate\Foundation\Http\Middleware\ValidatePostSize::class,
\App\Http\Middleware\TrimStrings::class,
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
\App\Http\Middleware\SanitizeInput::class,
];

/**
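Review bot: `SanitizeInput` is appended to the global `$middleware` stack, so every string field of every request — including JSON/API bodies and fields that are never rendered as HTML (URLs, e-mail addresses, free text containing `<` or `&`) — is rewritten before validation and storage. Because the stored values are then already entity-encoded, Blade's default `{{ }}` output escaping encodes them a second time wherever they are displayed. Consider scoping the middleware to the route groups that need it, or moving the escaping to the output layer where the context is known, and add a comment on this line stating that it must stay after `ConvertEmptyStringsToNull` so that empty strings are already `null` when `transform` runs. `Kernel` starts and ends outside the hunk.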
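--- /dev/null
+++ b/app/Http/Middleware/SanitizeInput.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Illuminate\Foundation\Http\Middleware\TransformsRequest as Middleware;
+
+class SanitizeInput extends Middleware
+{
+/**
+* Extends TransformsRequest to clean input from XSS
+*
+*/
+protected function transform($key, $value)
+{
+// Ignore excepted ones
+if (in_array($key, $this->except, true)) {
+return $value;
+}
+
+// Strip Html tags and encode missed ones
+if (is_string($value) && $value !== '') {
+$value = strip_tags($value);
+$value = htmlentities($value, ENT_QUOTES, 'utf-8');
+}
+return $value;
+}
+
+/**
+* The names of the attributes that should not be trimmed.
+*
+* @var array
+*/
+protected $except = [
+'password',
+'password_confirmation',
+'_token',
+''
+];
+
+}
+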
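Review bot: `strip_tags()` in `transform` is lossy on ordinary text — PHP's `strip_tags` discards everything from a `<` to the next `>` (or to end of string when unclosed), so a value like `5 < 10` or `<3` is silently truncated — while the `htmlentities()` call that follows already neutralises markup, so the stripping step only costs data. `htmlentities` without `ENT_SUBSTITUTE` turns any value containing an invalid UTF-8 sequence into an empty string, again silently; `htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps the text. The `$except` docblock still says "should not be trimmed", copied from `TrimStrings`, and the trailing `''` entry matches no real input key; the docblock should read `The names of the attributes that should not be sanitized.` and the empty entry be dropped. Since values are entity-encoded before they are stored, any later `{{ }}` output of them double-escapes — the middleware encodes for an HTML context it cannot know about.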
2 changes: 1 addition & 1 deletion resources/views/people/introductions/index.blade.php
Expand Up @@ -13,7 +13,7 @@
@if ($introducer = $contact->getIntroducer())
<li>
<i class="fa fa-sign-language"></i>
{!! trans('people.introductions_met_through', ['url' => route('people.show', $introducer), 'name' => $introducer->name]) !!}
{!! trans('people.introductions_met_through', ['url' => route('people.show', $introducer), 'name' => htmlentities($introducer->name, ENT_QUOTES, 'utf-8')]) !!}
</li>
@endif

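Review bot: the `{!! !!}` raw directive is kept while only the `name` argument is encoded by hand; Laravel's `e()` helper is the idiomatic equivalent (`htmlspecialchars` with `ENT_QUOTES`, UTF-8) and states the intent more clearly: `'name' => e($introducer->name)`. `htmlentities` without `ENT_SUBSTITUTE` also drops the whole name when it contains an invalid UTF-8 sequence. The `url` argument from `route()` is still inserted raw into the same unescaped string; it is presumably a generated path and safe, but a short Blade comment saying the raw directive exists only for the anchor markup in the translation string would stop the next reader from extending it to other values.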