[FIXED GHSA-4hwx-678w-9cp5] XSS in pms
w8tcha committed Jan 22, 2023
1 parent 3a38e71 commit 2237a9d
Showing 3 changed files with 11 additions and 8 deletions.
10 changes: 5 additions & 5 deletions yafsrc/YetAnotherForum.NET/Pages/PostPrivateMessage.ascx.cs
Expand Up @@ -305,7 +305,7 @@ protected void Page_Load([NotNull] object sender, [NotNull] EventArgs e)
}

// handle subject
var subject = this.ReplyMessage.Subject;
var subject = HtmlHelper.StripHtml(this.ReplyMessage.Subject);
if (!subject.StartsWith("Re: "))
{
subject = $"Re: {subject}";
Expand Down Expand Up @@ -566,7 +566,7 @@ protected void Save_Click([NotNull] object sender, [NotNull] EventArgs e)
this.GetRepository<PMessage>().SendMessage(
this.PageBoardContext.PageUserID,
0,
this.PmSubjectTextBox.Text,
HtmlHelper.StripHtml(this.PmSubjectTextBox.Text),
body,
messageFlags.BitValue,
replyTo);
Expand Down Expand Up @@ -664,7 +664,7 @@ protected void Save_Click([NotNull] object sender, [NotNull] EventArgs e)
userId =>
{
var body = this.editor.Text;
var body = HtmlHelper.StripHtml(BBCodeHelper.EncodeCodeBlocks(this.editor.Text));
var messageFlags = new MessageFlags
{
Expand All @@ -675,7 +675,7 @@ protected void Save_Click([NotNull] object sender, [NotNull] EventArgs e)
this.GetRepository<PMessage>().SendMessage(
this.PageBoardContext.PageUserID,
userId,
this.PmSubjectTextBox.Text,
HtmlHelper.StripHtml(this.PmSubjectTextBox.Text),
body,
messageFlags.BitValue,
replyTo);
Expand All @@ -687,7 +687,7 @@ protected void Save_Click([NotNull] object sender, [NotNull] EventArgs e)
{
this.Get<ISendNotification>().ToPrivateMessageRecipient(
userId,
this.PmSubjectTextBox.Text.Trim());
HtmlHelper.StripHtml(this.PmSubjectTextBox.Text.Trim()));
}
});

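Review bot: The subject is stripped at three separate call sites in Save_Click (the two SendMessage calls and the ToPrivateMessageRecipient call), and at the last one Trim() runs before StripHtml, so whitespace that is only exposed once tags are removed survives into the notification. Computing it once near the top of Save_Click, `var subject = HtmlHelper.StripHtml(this.PmSubjectTextBox.Text).Trim();`, and passing `subject` at all three sites keeps the three paths consistent and makes it harder to miss a site in a later edit. Stripping at write time only covers messages created after this fix; the read side in PrivateMessage.ascx.cs covers stored subjects, but since StripHtml's behaviour is not visible here, HTML-encoding at the points where the subject is rendered remains the more robust control than tag removal on input. Save_Click starts and ends outside these hunks.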
3 changes: 2 additions & 1 deletion yafsrc/YetAnotherForum.NET/Pages/PrivateMessage.ascx
Expand Up @@ -3,6 +3,7 @@
<%@ Import Namespace="YAF.Types.Flags" %>
<%@ Import Namespace="YAF.Types.Objects.Model" %>
<%@ Import Namespace="YAF.Types.Interfaces.Services" %>
<%@ Import Namespace="YAF.Core.Helpers" %>

<YAF:PageLinks runat="server" ID="PageLinks" />

Expand Down Expand Up @@ -71,7 +72,7 @@
<div class="col mt-3">
<YAF:MessagePost ID="Message" runat="server"
MessageFlags="<%# new MessageFlags((Container.DataItem as PagedPm).Flags) %>"
Message="<%# (Container.DataItem as PagedPm).Body%>"
Message="<%# HtmlHelper.StripHtml((Container.DataItem as PagedPm).Body)%>"
MessageID="<%# (Container.DataItem as PagedPm).UserPMessageID %>" />
</div>
</div>
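Review bot: The Body binding now strips HTML from the stored message without the `BBCodeHelper.EncodeCodeBlocks` step that the write path in PostPrivateMessage.ascx.cs applies before stripping, so if any already-stored bodies carry unencoded angle brackets inside code blocks, that content would presumably be removed on display rather than shown; worth confirming against an existing message before release. Whether the MessagePost control encodes the non-BBCode text it renders is not visible here and is the property this binding ultimately relies on, so a short comment on the binding stating that StripHtml is a defense-in-depth measure for legacy content, not the primary encoder, would help the next reader. Any other page that binds PagedPm.Body or Subject would need the same treatment; only this one is in the diff.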
6 changes: 4 additions & 2 deletions yafsrc/YetAnotherForum.NET/Pages/PrivateMessage.ascx.cs
Expand Up @@ -145,8 +145,10 @@ private void BindData()
this.PageBoardContext.PageLinks.AddLink(this.GetText("INBOX"), this.Get<LinkBuilder>().GetLink(ForumPages.MyMessages));
}

this.PageBoardContext.PageLinks.AddLink(message.Subject);
this.MessageTitle.Text = message.Subject;
var subject = HtmlHelper.StripHtml(message.Subject);

this.PageBoardContext.PageLinks.AddLink(subject);
this.MessageTitle.Text = subject;

this.Inbox.DataSource = messages;
}
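Review bot: The stripped subject is assigned straight to `MessageTitle.Text` and passed to `AddLink`; whether that is sufficient depends on StripHtml, whose implementation is not shown, and on whether those controls encode Text when rendering, which is also not visible from this hunk. If either writes the value raw, encoding at the output point, e.g. `this.MessageTitle.Text = HttpUtility.HtmlEncode(subject);`, is the control that does not depend on how thoroughly the stripper handles malformed markup. It is also not visible whether StripHtml accepts a null `message.Subject`, so a guard or a note on the local may be warranted. BindData starts before this hunk.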
