Fix multiple XSS (thanks to adsec2s)
faf committed Jul 9, 2020
1 parent fb35d4f commit 84f5bca
Showing 6 changed files with 20 additions and 20 deletions.
8 changes: 4 additions & 4 deletions src/mibew/libs/chat.php
Expand Up @@ -697,7 +697,7 @@ function chat_start_for_user(
Thread::KIND_FOR_AGENT,
getlocal(
'Visitor accepted invitation from operator {0}',
array($operator_name),
array(safe_htmlspecialchars($operator_name)),
get_current_locale(),
true
)
Expand All @@ -706,15 +706,15 @@ function chat_start_for_user(
if ($referrer) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true)
getlocal('Visitor came from page {0}', array(safe_htmlspecialchars($referrer)), get_current_locale(), true)
);
}
if ($requested_operator && !$requested_operator_online) {
$thread->postMessage(
Thread::KIND_INFO,
getlocal(
'Thank you for contacting us. We are sorry, but requested operator <strong>{0}</strong> is offline. Another operator will be with you shortly.',
array(get_operator_name($requested_operator)),
array(safe_htmlspecialchars(get_operator_name($requested_operator))),
get_current_locale(),
true
)
Expand All @@ -731,7 +731,7 @@ function chat_start_for_user(
if ($info) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
getlocal('Info: {0}', array($info), get_current_locale(), true)
getlocal('Info: {0}', array(safe_htmlspecialchars($info)), get_current_locale(), true)
);
}

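Review bot: The contract that every placeholder handed to `getlocal(..., true)` must already be HTML-escaped is not recorded anywhere in these hunks, so the next call site written in the same style will silently reintroduce the problem; the `<strong>{0}</strong>` template in the third hunk shows why the whole message cannot simply be escaped instead. A comment at the first call site, `// Rendered as HTML (4th arg true): every placeholder must go through safe_htmlspecialchars()`, or a small wrapper around getlocal that escapes each argument itself, would make the invariant visible rather than relying on reviewers to spot each site. It is also worth confirming that the code that displays these stored messages does not escape them a second time, since an `&` in an operator name would then show as `&amp;`. The same point applies to the hunks in the other five files of this commit; chat_start_for_user's body extends beyond these hunks.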
Expand Up @@ -50,7 +50,7 @@ public function indexAction(Request $request)
if ($thread && $thread->state != Thread::STATE_CLOSED) {
$msg = getlocal(
"Visitor navigated to {0}",
array($referer),
array(safe_htmlspecialchars($referer)),
$thread->locale,
true
);
Expand Up @@ -181,7 +181,7 @@ protected function redirectToGroup(Thread $thread, $group_id)
Thread::KIND_EVENTS,
getlocal(
'Operator {0} redirected you to another operator. Please wait a while.',
array(get_operator_name($this->getOperator())),
array(safe_htmlspecialchars(get_operator_name($this->getOperator()))),
$thread->locale,
true
)
Expand Down Expand Up @@ -235,7 +235,7 @@ protected function redirectToOperator(Thread $thread, $operator_id)
Thread::KIND_EVENTS,
getlocal(
'Operator {0} redirected you to another operator. Please wait a while.',
array(get_operator_name($this->getOperator())),
array(safe_htmlspecialchars(get_operator_name($this->getOperator()))),
$thread->locale,
true
)
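Review bot: The `getlocal('Operator {0} redirected you to another operator. Please wait a while.', array(safe_htmlspecialchars(get_operator_name($this->getOperator()))), $thread->locale, true)` block is now duplicated verbatim in redirectToGroup and redirectToOperator, so the escaping has to be maintained in two places. Extracting it into one private method that returns the escaped redirect message would keep a future edit to either path from dropping the escape. Both methods start and end outside the shown hunks, and this file's path is not visible on the page.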
Expand Up @@ -671,7 +671,7 @@ protected function apiProcessSurvey($args)
if ($email) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
getlocal('E-Mail: {0}', array($email), get_current_locale(), true)
getlocal('E-Mail: {0}', array(safe_htmlspecialchars($email)), get_current_locale(), true)
);
}

Expand Down Expand Up @@ -790,19 +790,19 @@ protected function apiProcessLeaveMessage($args)
if ($referrer) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true)
getlocal('Visitor came from page {0}', array(safe_htmlspecialchars($referrer)), get_current_locale(), true)
);
}
if ($email) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
getlocal('E-Mail: {0}', array($email), get_current_locale(), true)
getlocal('E-Mail: {0}', array(safe_htmlspecialchars($email)), get_current_locale(), true)
);
}
if ($info) {
$thread->postMessage(
Thread::KIND_FOR_AGENT,
getlocal('Info: {0}', array($info), get_current_locale(), true)
getlocal('Info: {0}', array(safe_htmlspecialchars($info)), get_current_locale(), true)
);
}
$thread->postMessage(Thread::KIND_USER, $message, array('name' => $name));
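Review bot: The `$thread->postMessage(Thread::KIND_USER, $message, array('name' => $name));` line at the end of the second hunk posts the visitor's own text and name without escaping, while the KIND_FOR_AGENT messages just above it are now escaped; presumably KIND_USER bodies are rendered as text rather than HTML, but nothing here says so. A short comment on that line, `// KIND_USER message bodies are rendered as text; only getlocal(..., true) templates are HTML`, would record the distinction the fix now depends on — assuming it holds, which should be confirmed against the renderer. apiProcessLeaveMessage continues outside the hunk, and the file path is not shown on this page.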
16 changes: 8 additions & 8 deletions src/mibew/libs/classes/Mibew/Thread.php
Expand Up @@ -758,14 +758,14 @@ public function checkForReassign($operator)
if ($this->nextAgent == $operator['operatorid']) {
$message_to_post = getlocal(
"Operator <strong>{0}</strong> changed operator <strong>{1}</strong>",
array($operator_name, $this->agentName),
array(safe_htmlspecialchars($operator_name), safe_htmlspecialchars($this->agentName)),
$this->locale,
true
);
} else {
$message_to_post = getlocal(
"Operator {0} is back",
array($operator_name),
array(safe_htmlspecialchars($operator_name)),
$this->locale,
true
);
Expand Down Expand Up @@ -926,7 +926,7 @@ public function close($is_user)
self::KIND_EVENTS,
getlocal(
"Visitor {0} left the chat",
array($this->userName),
array(safe_htmlspecialchars($this->userName)),
$this->locale,
true
)
Expand All @@ -947,7 +947,7 @@ public function close($is_user)
self::KIND_EVENTS,
getlocal(
"Operator {0} left the chat",
array($this->agentName),
array(safe_htmlspecialchars($this->agentName)),
$this->locale,
true
)
Expand Down Expand Up @@ -1025,21 +1025,21 @@ public function take($operator)
if ($is_operator_changed) {
$message = getlocal(
"Operator <strong>{0}</strong> changed operator <strong>{1}</strong>",
array($operator_name, $this->agentName),
array(safe_htmlspecialchars($operator_name), safe_htmlspecialchars($this->agentName)),
$this->locale,
true
);
} elseif ($is_operator_joined) {
$message = getlocal(
"Operator {0} joined the chat",
array($operator_name),
array(safe_htmlspecialchars($operator_name)),
$this->locale,
true
);
} elseif ($is_operator_back) {
$message = getlocal(
"Operator {0} is back",
array($operator_name),
array(safe_htmlspecialchars($operator_name)),
$this->locale,
true
);
Expand Down Expand Up @@ -1083,7 +1083,7 @@ public function renameUser($new_name)
// Send message about renaming
$message = getlocal(
"The visitor changed their name <strong>{0}</strong> to <strong>{1}</strong>",
array($old_name, $new_name),
array(safe_htmlspecialchars($old_name), safe_htmlspecialchars($new_name)),
$this->locale,
true
);
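Review bot: `$this->userName` and `$this->agentName` are escaped at each use in checkForReassign, close and take, which implies they are stored unescaped; that is a reasonable choice, but it is not documented on the properties, so a later method that builds an event message from them is likely to miss the escape. A docblock on each property (declared outside these hunks), e.g. `/** @var string Raw, unescaped name; pass through safe_htmlspecialchars() before placing it in an HTML message */`, would make the rule discoverable. The same applies to `$old_name` and `$new_name` in renameUser, whose stored value is assigned outside the hunk.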
2 changes: 1 addition & 1 deletion src/mibew/libs/invitation.php
Expand Up @@ -125,7 +125,7 @@ function invitation_invite($visitor_id, $operator)
Thread::KIND_FOR_AGENT,
getlocal(
'Operator {0} invites visitor at {1} page',
array($operator_name, $last_visited_page),
array(safe_htmlspecialchars($operator_name), safe_htmlspecialchars($last_visited_page)),
get_current_locale(),
true
)
