Skip to content
Permalink
Browse files

fixes #1150 prevent HTML code in group name

It avoids any stored XSS between administrators and it's totally useless to have HTML code in the group name.
  • Loading branch information
plegall committed Feb 7, 2020
1 parent cade535 commit 619849ff8b39f536e9ce40687c07589f8b262278
Showing with 16 additions and 6 deletions.
  1. +13 −1 admin/group_list.php
  2. +3 −5 admin/themes/default/template/group_list.tpl
@@ -45,6 +45,11 @@
{
$page['errors'][] = l10n('The name of a group must not contain " or \' or be empty.');
}
else
{
$_POST['groupname'] = strip_tags($_POST['groupname']);
}

if (count($page['errors']) == 0)
{
// is the group not already existing ?
@@ -107,7 +112,7 @@
$group_names = array_from_query($query, 'name');
foreach($groups as $group)
{
$_POST['rename_'.$group] = stripslashes($_POST['rename_'.$group]);
$_POST['rename_'.$group] = strip_tags(stripslashes($_POST['rename_'.$group]));

if (in_array($_POST['rename_'.$group], $group_names))
{
@@ -181,6 +186,8 @@

if ($action=="merge" and count($groups) > 1)
{
$_POST['merge'] = strip_tags($_POST['merge']);

// is the group not already existing ?
$query = '
SELECT COUNT(*)
@@ -268,6 +275,11 @@
{
break;
}
else
{
$_POST['duplicate_'.$group.''] = strip_tags(stripslashes($_POST['duplicate_'.$group.'']));
}

// is the group not already existing ?
$query = '
SELECT COUNT(*)
@@ -128,7 +128,7 @@ $(document).ready(function() {
{if not empty($groups)}
{foreach from=$groups item=group}
<p group_id="{$group.ID}" class="grp_action">
<input type="text" class="large" name="rename_{$group.ID}" value="{$group.NAME}" onfocus="this.value=(this.value=='{$group.NAME}') ? '' : this.value;" onblur="this.value=(this.value=='') ? '{$group.NAME}' : this.value;">
<input type="text" class="large" name="rename_{$group.ID}" value="{$group.NAME}">
</p>
{/foreach}
{/if}
@@ -137,9 +137,8 @@ $(document).ready(function() {
<!-- merge -->
<div id="action_merge" class="bulkAction">
<p id="two_to_select">{'Please select at least two groups'|@translate}</p>
{assign var='mergeDefaultValue' value='Type here the name of the new group'|@translate}
<p id="two_atleast">
<input type="text" class="large" name="merge" value="{$mergeDefaultValue}" onfocus="this.value=(this.value=='{$mergeDefaultValue}') ? '' : this.value;" onblur="this.value=(this.value=='') ? '{$mergeDefaultValue}' : this.value;">
<input type="text" class="large" name="merge" value="" placeholder="{'Type here the name of the new group'|translate}">
</p>
</div>

@@ -150,11 +149,10 @@ $(document).ready(function() {

<!-- duplicate -->
<div id="action_duplicate" class="bulkAction">
{assign var='duplicateDefaultValue' value='Type here the name of the new group'|@translate}
{if not empty($groups)}
{foreach from=$groups item=group}
<p group_id="{$group.ID}" class="grp_action">
{$group.NAME} > <input type="text" class="large" name="duplicate_{$group.ID}" value="{$duplicateDefaultValue}" onfocus="this.value=(this.value=='{$duplicateDefaultValue}') ? '' : this.value;" onblur="this.value=(this.value=='') ? '{$duplicateDefaultValue}' : this.value;">
{$group.NAME} > <input type="text" class="large" name="duplicate_{$group.ID}" value="" placeholder="{'Type here the name of the new group'|@translate}">
</p>
{/foreach}
{/if}

0 comments on commit 619849f

Please sign in to comment.
You can’t perform that action at this time.