
Commit 3c6f09a

committed
#170 fixed security issues in profile editor and PDF editor
1 parent 7d2f43a commit 3c6f09a

3 files changed

+22
-8
lines changed


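--- a/lam/HISTORY
+++ b/lam/HISTORY
@@ -2,6 +2,7 @@ June 2022 8.0
 - Extended user account status and locking options
 - Fixed bugs:
 -> Hidden account is displayed (257)
+-> Security issues in PDF editor and profile editor
 
 09.03.2022 7.9
 - Tree view: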

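--- a/lam/lib/html.inc
+++ b/lam/lib/html.inc
@@ -558,10 +558,10 @@ class htmlInputField extends htmlElement {
 }
 if (isset($values[$this->fieldName])) {
 if (isObfuscatedText($values[$this->fieldName][0])) {
-$this->fieldValue = deobfuscateText($values[$this->fieldName][0]);
+$this->fieldValue = htmlspecialchars(deobfuscateText($values[$this->fieldName][0]));
 }
 else {
-$this->fieldValue = $values[$this->fieldName][0];
+$this->fieldValue = htmlspecialchars($values[$this->fieldName][0]);
 }
 }
 $validators = array();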
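Review bot: The two new `htmlspecialchars()` calls on `$this->fieldValue` rely on PHP's default flags, which on PHP versions before 8.1 do not escape single quotes, so if `fieldValue` is ever placed in a single-quoted attribute the escape is incomplete; pass the flags explicitly, e.g. `$this->fieldValue = htmlspecialchars($values[$this->fieldName][0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same on the deobfuscated branch. Escaping is also applied when the value is loaded rather than when it is printed, so if the rendering code escapes `fieldValue` again the stored value will appear double-encoded (literal `&amp;`); that rendering code is outside the hunk and should be checked. The enclosing method of `htmlInputField` starts and ends outside this hunk.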

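--- a/lam/templates/pdfedit/pdfpage.php
+++ b/lam/templates/pdfedit/pdfpage.php
@@ -13,6 +13,7 @@
 use \htmlResponsiveInputTextarea;
 use \htmlHiddenInput;
 use \htmlSpacer;
+use LAM\PDF\PdfLogo;
 use LAM\PDF\PdfStructurePersistenceManager;
 use LAM\PDF\PDFTextSection;
 use LAM\PDF\PDFEntrySection;
@@ -23,7 +24,7 @@
 /*
 This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
 Copyright (C) 2003 - 2006 Michael Duergner
-2007 - 2021 Roland Gruber
+2007 - 2022 Roland Gruber
 
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
@@ -132,8 +133,9 @@
 }
 }
 
+$logoFiles = $pdfStructurePersistenceManager->getPdfLogos($_SESSION['config']->getName(), true);
 if (!empty($_POST['form_submit'])) {
-updateBasicSettings($_SESSION['currentPDFStructure']);
+updateBasicSettings($_SESSION['currentPDFStructure'], $logoFiles);
 updateSectionTitles($_SESSION['currentPDFStructure']);
 addSection($_SESSION['currentPDFStructure']);
 addSectionEntry($_SESSION['currentPDFStructure']);
@@ -228,7 +230,6 @@
 // headline
 $headline = $_SESSION['currentPDFStructure']->getTitle();
 // logo
-$logoFiles = $pdfStructurePersistenceManager->getPdfLogos($_SESSION['config']->getName(), true);
 $logos = array(_('No logo') => 'none');
 foreach($logoFiles as $logoFile) {
 $logos[$logoFile->getName() . ' (' . $logoFile->getWidth() . ' x ' . $logoFile->getHeight() . ")"] = $logoFile->getName();
@@ -516,16 +517,28 @@ function translateFieldIDToName($id, $scope, $availablePDFFields) {
 /**
 * Updates basic settings such as logo and head line.
 *
-* @param PDFStructure $structure
+* @param PDFStructure $structure PDF structure
+* @param PdfLogo[] $logoFiles logos
 */
-function updateBasicSettings(PDFStructure &$structure) {
+function updateBasicSettings(PDFStructure &$structure, array $logoFiles) {
 // set headline
 if (isset($_POST['headline'])) {
 $structure->setTitle(str_replace('<', '', str_replace('>', '', $_POST['headline'])));
 }
 // set logo
 if (isset($_POST['logoFile'])) {
-$structure->setLogo($_POST['logoFile']);
+$fileName = $_POST['logoFile'];
+$found = false;
+foreach ($logoFiles as $logoFile) {
+if ($logoFile->getName() === $fileName) {
+$found = true;
+}
+}
+if (!$found) {
+logNewMessage(LOG_ERR, 'Invalid PDF logo file: ' . $fileName);
+return;
+}
+$structure->setLogo($fileName);
 }
 // set folding marks
 if (isset($_POST['foldingmarks'])) {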
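Review bot: The new allow-list check in `updateBasicSettings` rejects the `'none'` value that the logo select itself offers (`$logos = array(_('No logo') => 'none')` in the earlier hunk), since no `PdfLogo` from `getPdfLogos()` is expected to carry that name; choosing "No logo" would then log an error and `return`, and because that `return` leaves the function early it also skips the folding-marks handling that follows. Unless `getPdfLogos()` returns a placeholder entry named `none` (not visible here), accept it explicitly: `if (!$found && $fileName !== 'none') {`. The search loop could also `break;` on the first match. The log line writes the raw `$_POST['logoFile']` value; if `logNewMessage` does not sanitize its input, truncate or escape the value before logging so a crafted submission cannot inject extra log lines.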
