
fix: [security] Fix persistent xss via discussion links via javascript:// links

- low impact as it requires user interaction to trigger

- as reported by João Lucas Melo Brasio from Elytron Security S.A. (https://elytronsecurity.com)
iglocska committed May 7, 2019
1 parent b082544 commit 3a085a6ceea00b3ab674a984dd56c1846ef775ff
Showing with 8 additions and 4 deletions.
  1. +8 −4 app/View/Helper/CommandHelper.php
@@ -68,10 +68,14 @@ private function __handleLinks(&$string, $trigger) {
$replacement = '%MALFORMED URL%';
} else {
if (filter_var(str_replace('$1', $data, $this->__replacement[$trigger]['url']), FILTER_VALIDATE_URL)) {
$replacement = $this->Html->link(
str_replace('$1', $data, $this->__replacement[$trigger]['text']),
str_replace('$1', $data, $this->__replacement[$trigger]['url'])
);
if (substr($data, 0, 7) === 'http://' || substr($data, 0, 8) === 'https://') {
$replacement = $this->Html->link(
str_replace('$1', $data, $this->__replacement[$trigger]['text']),
str_replace('$1', $data, $this->__replacement[$trigger]['url'])
);
} else {
$replacement = '%MALFORMED URL%';
}
} else {
$replacement = '%MALFORMED URL%';
}
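Review bot: The new scheme check tests `$data` rather than the composed URL that the surrounding filter_var() call validates and that Html->link() receives, so the two guards inspect different strings; this only rejects javascript: links if every trigger's url template is a bare `$1`, and if a template prefixes anything else the check either refuses valid links or never sees the scheme actually emitted (not verifiable from the hunk, so worth confirming against `__replacement`). Building the URL and text once into locals and applying both the scheme allowlist and filter_var() to that same string closes the gap and also removes the four duplicated str_replace() calls. The enclosing __handleLinks() starts and ends outside the hunk.
```php
$url = str_replace('$1', $data, $this->__replacement[$trigger]['url']);
$text = str_replace('$1', $data, $this->__replacement[$trigger]['text']);
// Only http(s) may be rendered; FILTER_VALIDATE_URL alone accepts other schemes.
$isHttp = substr($url, 0, 7) === 'http://' || substr($url, 0, 8) === 'https://';
if ($isHttp && filter_var($url, FILTER_VALIDATE_URL)) {
    $replacement = $this->Html->link($text, $url);
} else {
    $replacement = '%MALFORMED URL%';
}
```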
