From 267b4ac64f21855a246b84fbb897d6fe9276d3cb Mon Sep 17 00:00:00 2001
From: Bushstar
Date: Fri, 28 Mar 2014 14:41:40 +0000
Subject: [PATCH] Fix XSS flaw in friend.php To test this flaw enter the following for the friend's email. Then when it returns the error on the email address move the mouse over the email address field to activate. sample%40email.tst" onmouseover=prompt(971889) bad="
---
 friend.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/friend.php b/friend.php
index de11a67d..8089f868 100644
--- a/friend.php
+++ b/friend.php
@@ -111,11 +111,11 @@
 'CAPTCHATYPE' => $system->SETTINGS['spam_register'],
 'CAPCHA' => (isset($capcha_text)) ? $capcha_text : '',
 'TITLE' => $TPL_item_title,
- 'FRIEND_NAME' => (isset($_POST['friend_name'])) ? $_POST['friend_name'] : '',
- 'FRIEND_EMAIL' => (isset($_POST['friend_email'])) ? $_POST['friend_email'] : '',
- 'YOUR_NAME' => ($user->logged_in) ? $user->user_data['name'] : '',
- 'YOUR_EMAIL' => ($user->logged_in) ? $user->user_data['email'] : '',
- 'COMMENT' => (isset($_POST['sender_comment'])) ? $_POST['sender_comment'] : '',
+ 'FRIEND_NAME' => (isset($_POST['friend_name'])) ? $system->cleanvars($_POST['friend_name']) : '',
+ 'FRIEND_EMAIL' => (isset($_POST['friend_email'])) ? $system->cleanvars($_POST['friend_email']) : '',
+ 'YOUR_NAME' => ($user->logged_in) ? $system->cleanvars($user->user_data['name']) : '',
+ 'YOUR_EMAIL' => ($user->logged_in) ? $system->cleanvars($user->user_data['email']) : '',
+ 'COMMENT' => (isset($_POST['sender_comment'])) ? $system->cleanvars($_POST['sender_comment']) : '',
 'EMAILSENT' => $emailsent
 ));
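Review bot: The `'TITLE' => $TPL_item_title,` context line is still assigned without `$system->cleanvars()`, so if the item title arrives here as raw seller-supplied text it keeps the exposure the five changed entries had. Where it is not already escaped upstream, `'TITLE' => $system->cleanvars($TPL_item_title),` would close it; check first, to avoid double-encoding. The body of `cleanvars()` is not part of this hunk, and the reported case is a break-out from a double-quoted attribute value. It is therefore worth confirming that the helper encodes both double and single quotes (the equivalent of `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')`) and not only angle brackets. The array passed to the template begins above the hunk, so earlier entries are not visible here and should get the same check.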