[security] Fixed issue #14376: XSS in Survey Resource zip upload
[security] Fixed issue : XSS in theme zip upload
Dev: CHtml::encode the whole filename when it is displayed
Dev: same for theme import
Dev: other fixes still to do: error reporting
Shnoulle committed Dec 21, 2018
1 parent 73fe91e commit bfee69e
Showing 3 changed files with 12 additions and 16 deletions.
20 changes: 8 additions & 12 deletions application/views/admin/survey/importSurveyResources_view.php
Expand Up @@ -19,9 +19,8 @@
<p>
<ul>
<?php
foreach ($aImportedFilesInfo as $entry)
{
echo CHtml::tag('li', array(), gT("File") . ': ' . $entry["filename"]);
foreach ($aImportedFilesInfo as $entry) {
echo CHtml::tag('li', array(), sprintf(gT("File: %s"),CHtml::encode($entry["filename"])));
}
?>
</ul>
Expand Down Expand Up @@ -55,9 +54,8 @@
<p>
<ul>
<?php
foreach ($aImportedFilesInfo as $entry)
{
echo CHtml::tag('li', array(), gT("File") . ': ' . $entry["filename"]);
foreach ($aImportedFilesInfo as $entry) {
echo CHtml::tag('li', array(), sprintf(gT("File: %s"),CHtml::encode($entry["filename"])));
}
?>
</ul>
Expand All @@ -67,9 +65,8 @@
</p>
<p>
<?php
foreach ($aErrorFilesInfo as $entry)
{
echo CHtml::tag('li', array(), gT("File") . ': ' . $entry['filename'] . " (" . $entry['status'] . ")");
foreach ($aErrorFilesInfo as $entry) {
echo CHtml::tag('li', array(), sprintf(gT("File: %s (%s)"),CHtml::encode($entry["filename"]),$entry['status']));
}
?>
</ul>
Expand Down Expand Up @@ -102,9 +99,8 @@
</p>
<p>
<?php
foreach ($aErrorFilesInfo as $entry)
{
echo CHtml::tag('li', array(), gT("File") . ': ' . $entry['filename'] . " (" . $entry['status'] . ")");
foreach ($aErrorFilesInfo as $entry) {
echo CHtml::tag('li', array(), sprintf(gT("File: %s (%s)"),CHtml::encode($entry["filename"]),$entry['status']));
}
?>
</ul>
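Review bot: In both `$aErrorFilesInfo` hunks the second placeholder, `$entry['status']`, is still passed to `CHtml::tag` unescaped, and `CHtml::tag` does not encode its content argument, so only the filename half of the message is protected. If status can ever carry text derived from the archive (an error message that quotes the entry name, say), it is the same HTML-injection vector this commit closes for the filename; if it is always a fixed translated string, a short comment saying so would stop the next reader from wondering. The safe default is to encode both: `echo CHtml::tag('li', array(), sprintf(gT("File: %s (%s)"), CHtml::encode($entry["filename"]), CHtml::encode($entry['status'])));`. The "reporting issues" item in the commit message may already refer to this.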
6 changes: 3 additions & 3 deletions application/views/admin/themes/importuploaded_view.php
Expand Up @@ -52,12 +52,12 @@
{
if ($entry['is_folder']){
?>
<li><?php echo gT("Folder:") . " " . htmlspecialchars($entry["filename"],ENT_QUOTES,'utf-8'); ?></li>
<li><?php printf(gT("Folder: %s"),CHtml::encode($entry["filename"])); ?></li>
<?php
}
else
{ ?>
<li><?php echo gT("File:") . " " . htmlspecialchars($entry["filename"],ENT_QUOTES,'utf-8'); ?></li>
<li><?php printf(gT("File: %s"),CHtml::encode($entry["filename"])); ?></li>


<?php
Expand All @@ -74,7 +74,7 @@
foreach ($aErrorFilesInfo as $entry)
{
?>
<li><?php echo gT("File:") . " " . $entry["filename"] ?></li>
<li><?php printf(gT("File: %s"),CHtml::encode($entry["filename"])); ?></li>
<?php
}
}
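Review bot: The first hunk swaps a hard-coded `htmlspecialchars(..., ENT_QUOTES, 'utf-8')` for `CHtml::encode`, which, as far as I recall of Yii 1, escapes in the application's configured charset rather than a fixed one; the two are equivalent only while that charset is UTF-8, which is worth stating next to the loop. A one-line comment above the `is_folder` test such as `// entry names come from an uploaded zip and are attacker-controlled; CHtml::encode escapes them in the app charset` records both the assumption and why every branch must escape. The `foreach` enclosing that hunk opens before the hunk, so whether any further branch prints `$entry` fields cannot be seen here.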
2 changes: 1 addition & 1 deletion application/views/admin/themes/templatesummary_view.php
Expand Up @@ -126,7 +126,7 @@
<?php foreach ($otherfiles as $fileName => $file) { ?>
<div class="row other-files-row">
<div class="col-sm-9 other-files-filename">
<?php echo (empty(substr(strrchr($file, DIRECTORY_SEPARATOR), 1)))?$file:substr(strrchr($file, DIRECTORY_SEPARATOR), 1) ;?>
<?php echo CHtml::encode((empty(substr(strrchr($file, DIRECTORY_SEPARATOR), 1)))?$file:substr(strrchr($file, DIRECTORY_SEPARATOR), 1)) ;?>
</div>
<div class="col-sm-3">
<?php //TODO: make it ajax and less messy ?>
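Review bot: The expression now wrapped in `CHtml::encode` is a hand-rolled `basename()` whose `empty()` test misfires for an entry whose last path component is the string `0`, since `empty("0")` is true and the full `$file` path is displayed instead of the name. `<?php echo CHtml::encode(basename($file)); ?>` avoids that and is far easier to audit; it differs only for a path ending in a separator, where `basename` returns the last directory instead of falling back to the whole path, which should not arise in a file list. The loop key `$fileName` is unused on this line; if it already holds the display name, `CHtml::encode($fileName)` is simpler still, but verify against where `$otherfiles` is built.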
