fix: [security] XSS in the template element index view
- As reported by Rubin Azad
mokaddem committed Nov 18, 2020
1 parent 222b40c commit 626ca54
Showing 3 changed files with 6 additions and 4 deletions.
6 changes: 4 additions & 2 deletions app/Controller/TemplateElementsController.php
Expand Up @@ -15,11 +15,13 @@ class TemplateElementsController extends AppController

public function index($id)
{

if (!is_numeric($id)) {
throw new MethodNotAllowedException(__('No template with the provided ID exists, or you are not authorised to see it.'));
}
//check permissions
$template = $this->TemplateElement->Template->checkAuthorisation($id, $this->Auth->user(), false);
if (!$this->_isSiteAdmin() && !$template) {
throw new MethodNotAllowedException('No template with the provided ID exists, or you are not authorised to see it.');
throw new MethodNotAllowedException(__('No template with the provided ID exists, or you are not authorised to see it.'));
}

$templateElements = $this->TemplateElement->find('all', array(
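Review bot: The new `is_numeric($id)` guard at the top of index() still admits values such as `1.5`, `1e3` or a string with leading whitespace, which then reach `checkAuthorisation()` and, presumably, the view that renders the id. A template id is an integer, so a check that matches that intent is stricter without changing the accepted ids: `if (filter_var($id, FILTER_VALIDATE_INT) === false) {`. Keeping the same error message for an invalid id and for an unauthorised one, as the hunk does, is the right choice since it does not reveal whether the template exists. The body of index() continues past the end of the hunk.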
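--- a/app/Model/Template.php
+++ b/app/Model/Template.php
@@ -52,7 +52,7 @@ public function checkAuthorisation($id, $user, $write)
 return false;
 }
 
-//if the user is a site admin, return the template withoug question
+//if the user is a site admin, return the template without question
 if ($user['Role']['perm_site_admin']) {
 return $template;
 }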
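--- a/app/View/TemplateElements/ajax/ajaxIndex.ctp
+++ b/app/View/TemplateElements/ajax/ajaxIndex.ctp
@@ -8,7 +8,7 @@
 ?>
 </ul>
 <?php if ($mayModify): ?>
-<div id="AddTemplateElementDiv" role="button" tabindex="0" aria-label="<?php echo __('Add a new template element');?>" title="<?php echo __('Add a new template element');?>" class="addTemplateElement useCursorPointer" onClick="templateAddElementClicked(<?php echo $id; ?>);">+</div>
+<div id="AddTemplateElementDiv" role="button" tabindex="0" aria-label="<?php echo __('Add a new template element');?>" title="<?php echo __('Add a new template element');?>" class="addTemplateElement useCursorPointer" onClick="templateAddElementClicked(<?php echo h($id); ?>);">+</div>
 <?php endif; ?>
 </div>
 <script type="text/javascript">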
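Review bot: `h($id)` escapes for an HTML attribute, but the value is interpolated into a JavaScript call inside `onClick`, a context that HTML escaping alone does not cover; the line is safe only because the controller now rejects non-numeric ids, which this template cannot see. Emitting the id as an integer makes the template safe on its own, independent of the controller: `onClick="templateAddElementClicked(<?php echo (int) $id; ?>);"`. Where `$id` is set for this view is not visible in the commit, so the assumption that it is the validated route parameter should be confirmed.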
