Fix name/protocol XSS in controlcaps.php. Fixes #2445 (#2479)
mnoorenberghe authored and connortechnology committed Jan 25, 2019
1 parent fd6179d commit 8c5687c
Showing 2 changed files with 5 additions and 2 deletions.
3 changes: 3 additions & 0 deletions web/includes/functions.php
Expand Up @@ -450,6 +450,9 @@ function makeLink( $url, $label, $condition=1, $options='' ) {
return( $string );
}

/**
* $label must be already escaped. It can't be done here since it sometimes contains HTML tags.
*/
function makePopupLink( $url, $winName, $winSize, $label, $condition=1, $options='' ) {
// Avoid double-encoding since some consumers incorrectly pass a pre-escaped URL.
$string = '<a class="popup-link" href="' . htmlspecialchars($url, ENT_COMPAT | ENT_HTML401, ini_get("default_charset"), false) . '"';
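Review bot: The new docblock states that `$label` must arrive pre-escaped but does not say how callers are expected to satisfy that, while the companion change in controlcaps.php uses `validHtmlStr()` for exactly this purpose; naming the helper makes the contract checkable at call sites. I would extend the comment to `* $label must be already escaped (e.g. via validHtmlStr()). It can't be done here since it sometimes contains HTML tags.` and add a line stating that `$url` is escaped inside this function, which is what the `htmlspecialchars(...)` call on the following line shows, so callers should pass it raw. Whether `$winName` and `$winSize` are escaped before being emitted cannot be seen from this hunk; if they are not, the docblock should say so as well. The body of `makePopupLink` continues past the end of the hunk.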
4 changes: 2 additions & 2 deletions web/skins/classic/views/controlcaps.php
Expand Up @@ -63,9 +63,9 @@
{
?>
<tr>
<td class="colName"><?php echo makePopupLink( '?view=controlcap&cid='.$control['Id'], 'zmControlCap', 'controlcap', $control['Name'], canView( 'Control' ) ) ?></td>
<td class="colName"><?php echo makePopupLink( '?view=controlcap&cid='.$control['Id'], 'zmControlCap', 'controlcap', validHtmlStr($control['Name']), canView( 'Control' ) ) ?></td>
<td class="colType"><?php echo $control['Type'] ?></td>
<td class="colProtocol"><?php echo $control['Protocol'] ?></td>
<td class="colProtocol"><?php echo validHtmlStr($control['Protocol']) ?></td>
<td class="colCanMove"><?php echo $control['CanMove']?translate('Yes'):translate('No') ?></td>
<td class="colCanZoom"><?php echo $control['CanZoom']?translate('Yes'):translate('No') ?></td>
<td class="colCanFocus"><?php echo $control['CanFocus']?translate('Yes'):translate('No') ?></td>
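Review bot: The `colType` cell on the line between the two changed rows still echoes `$control['Type']` without `validHtmlStr()`, so this row remains inconsistently escaped after the fix to `Name` and `Protocol`. If `Type` is constrained to a fixed set of values at write time this is not exploitable, but that invariant is not visible here and escaping at output is the cheaper guarantee: `<td class="colType"><?php echo validHtmlStr($control['Type']) ?></td>`. The `cid='.$control['Id']` concatenation relies on `makePopupLink` escaping the href, which the other hunk shows it does; a `urlencode()` here would make the query-string intent explicit but is not required for the XSS fix. The enclosing loop starts before the beginning of this hunk.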
