#170 fixed security issues in profile editor and PDF editor
gruberroland committed Apr 11, 2022
1 parent 7d2f43a commit 3c6f09a
Showing 3 changed files with 22 additions and 8 deletions.
1 change: 1 addition & 0 deletions lam/HISTORY
Expand Up @@ -2,6 +2,7 @@ June 2022 8.0
- Extended user account status and locking options
- Fixed bugs:
-> Hidden account is displayed (257)
-> Security issues in PDF editor and profile editor

09.03.2022 7.9
- Tree view:
4 changes: 2 additions & 2 deletions lam/lib/html.inc
Expand Up @@ -558,10 +558,10 @@ class htmlInputField extends htmlElement {
}
if (isset($values[$this->fieldName])) {
if (isObfuscatedText($values[$this->fieldName][0])) {
$this->fieldValue = deobfuscateText($values[$this->fieldName][0]);
$this->fieldValue = htmlspecialchars(deobfuscateText($values[$this->fieldName][0]));
}
else {
$this->fieldValue = $values[$this->fieldName][0];
$this->fieldValue = htmlspecialchars($values[$this->fieldName][0]);
}
}
$validators = array();
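Review bot: The two new htmlspecialchars() calls assigning $this->fieldValue rely on the default flag set, which differs by runtime: before PHP 8.1 the default is ENT_COMPAT, so single quotes are left unescaped, and only from 8.1 on do ENT_QUOTES and ENT_SUBSTITUTE apply. To make the escaping independent of the PHP version, pass the flags explicitly, e.g. `$this->fieldValue = htmlspecialchars($values[$this->fieldName][0], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` and the same for the deobfuscated branch. Note also that fieldValue now holds entity-encoded text at assignment time, so any output path that already escapes fieldValue when rendering would double-encode it; that rendering code is not in the hunk and should be checked. The enclosing method starts and ends outside the hunk.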
25 changes: 19 additions & 6 deletions lam/templates/pdfedit/pdfpage.php
Expand Up @@ -13,6 +13,7 @@
use \htmlResponsiveInputTextarea;
use \htmlHiddenInput;
use \htmlSpacer;
use LAM\PDF\PdfLogo;
use LAM\PDF\PdfStructurePersistenceManager;
use LAM\PDF\PDFTextSection;
use LAM\PDF\PDFEntrySection;
Expand All @@ -23,7 +24,7 @@
/*
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Michael Duergner
2007 - 2021 Roland Gruber
2007 - 2022 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
Expand Down Expand Up @@ -132,8 +133,9 @@
}
}

$logoFiles = $pdfStructurePersistenceManager->getPdfLogos($_SESSION['config']->getName(), true);
if (!empty($_POST['form_submit'])) {
updateBasicSettings($_SESSION['currentPDFStructure']);
updateBasicSettings($_SESSION['currentPDFStructure'], $logoFiles);
updateSectionTitles($_SESSION['currentPDFStructure']);
addSection($_SESSION['currentPDFStructure']);
addSectionEntry($_SESSION['currentPDFStructure']);
Expand Down Expand Up @@ -228,7 +230,6 @@
// headline
$headline = $_SESSION['currentPDFStructure']->getTitle();
// logo
$logoFiles = $pdfStructurePersistenceManager->getPdfLogos($_SESSION['config']->getName(), true);
$logos = array(_('No logo') => 'none');
foreach($logoFiles as $logoFile) {
$logos[$logoFile->getName() . ' (' . $logoFile->getWidth() . ' x ' . $logoFile->getHeight() . ")"] = $logoFile->getName();
Expand Down Expand Up @@ -516,16 +517,28 @@ function translateFieldIDToName($id, $scope, $availablePDFFields) {
/**
* Updates basic settings such as logo and head line.
*
* @param PDFStructure $structure
* @param PDFStructure $structure PDF structure
* @param PdfLogo[] $logoFiles logos
*/
function updateBasicSettings(PDFStructure &$structure) {
function updateBasicSettings(PDFStructure &$structure, array $logoFiles) {
// set headline
if (isset($_POST['headline'])) {
$structure->setTitle(str_replace('<', '', str_replace('>', '', $_POST['headline'])));
}
// set logo
if (isset($_POST['logoFile'])) {
$structure->setLogo($_POST['logoFile']);
$fileName = $_POST['logoFile'];
$found = false;
foreach ($logoFiles as $logoFile) {
if ($logoFile->getName() === $fileName) {
$found = true;
}
}
if (!$found) {
logNewMessage(LOG_ERR, 'Invalid PDF logo file: ' . $fileName);
return;
}
$structure->setLogo($fileName);
}
// set folding marks
if (isset($_POST['foldingmarks'])) {
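Review bot: The form's "No logo" option posts the sentinel value `'none'` (see the `$logos` initialisation in the earlier hunk of this file), which presumably is not among the names getPdfLogos() returns, so with the new check in updateBasicSettings selecting "No logo" is logged as an invalid logo and the early `return` skips the folding-mark handling that follows. Initialising the flag as `$found = ($fileName === 'none');` would keep the sentinel acceptable while still rejecting arbitrary names. Two smaller points on the new lines: the loop can `break;` once a match is found, and the rejected value is written verbatim into the log message, so if logNewMessage does not sanitise its input a length-bounded or encoded form of `$fileName` would be preferable there. The function body continues past the end of the hunk.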
