Commit 61d4d36

fix: [security] stored XSS in the user add/edit forms
- a malicious site administrator could store an XSS payload in the custom auth name which would be executed each time the administrator modifies a user - as reported by Ianis BERNARD - NATO Cyber Security Centre
1 parent dc63cb7 commit 61d4d36

File tree

2 files changed, +2 -2 lines changed


Diff for: app/View/Users/admin_add.ctp

+1-1
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@
1313
$password = false;
1414
} else {
1515
$userType = Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication';
16-
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => $userType . ' user'));
16+
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => h($userType) . ' user'));
1717
}
1818
echo sprintf(
1919
'<div class="clear"></div><div %s>%s</div>',
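Review bot: Wrapping only `$userType` in `h()` is the right scope for this fix: CakePHP 2's FormHelper emits the `label` option text into the `<label>` element without escaping it, so a configured `Plugin.CustomAuth_name` containing markup would otherwise be rendered verbatim, while the literal `' user'` suffix and the `'External authentication'` fallback are constants and need no escaping. Since this hunk fixes a single occurrence, it is worth confirming in the same change that any other template which renders `Plugin.CustomAuth_name` into HTML escapes it the same way.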

Diff for: app/View/Users/admin_edit.ctp

+1-1
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@
1616
$password = false;
1717
} else {
1818
$userType = Configure::read('Plugin.CustomAuth_name') ? Configure::read('Plugin.CustomAuth_name') : 'External authentication';
19-
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => $userType . ' user'));
19+
echo $this->Form->input('external_auth_required', array('type' => 'checkbox', 'label' => h($userType) . ' user'));
2020
}
2121
echo sprintf(
2222
'<div class="clear"></div><div %s>%s</div>',
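Review bot: This hunk is a verbatim copy of the one in admin_add.ctp, down to the `$userType` ternary and the `input()` call; consider moving that block into a shared view element (or a small helper) so the `h()` escaping lives in exactly one place and the add and edit forms cannot drift apart again the way they did here.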
