Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Cross-site Scripting (XSS) when redirect an url
  • Loading branch information
Fasse committed Dec 6, 2021
1 parent 96faecb commit 470f534
Show file tree
Hide file tree
Showing 3 changed files with 12 additions and 4 deletions.
11 changes: 9 additions & 2 deletions adm_program/system/bootstrap/function.php
Expand Up @@ -301,7 +301,7 @@ function admFuncProcessableImageSize()
* @param array<string,mixed> $array The array with the element that should be checked
* @param string $variableName Name of the array element that should be checked
* @param string $datatype The datatype like **string**, **numeric**, **int**, **float**, **bool**, **boolean**, **html**,
* **date**, **file** or **folder** that is expected and which will be checked.
* **url**, **date**, **file** or **folder** that is expected and which will be checked.
* Datatype **date** expects a date that has the Admidio default format from the
* preferences or the english date format **Y-m-d**
* @param array<string,mixed> $options (optional) An array with the following possible entries:
Expand Down Expand Up @@ -387,7 +387,8 @@ function admFuncVariableIsValid(array $array, $variableName, $datatype, array $o

switch ($datatype)
{
case 'file':
case 'file': // fallthrough
case 'folder':
try
{
if ($value !== '')
Expand Down Expand Up @@ -461,6 +462,12 @@ function admFuncVariableIsValid(array $array, $variableName, $datatype, array $o
// check html string vor invalid tags and scripts
$value = Htmlawed::filter(stripslashes($value), array('safe' => 1));
break;

case 'url':
if (!StringUtils::strValidCharacters($value, 'url')) {
$errorMessage = $gL10n->get('SYS_INVALID_PAGE_VIEW');
}
break;
}

// wurde kein Fehler entdeckt, dann den Inhalt der Variablen zurueckgeben
Expand Down
3 changes: 2 additions & 1 deletion adm_program/system/classes/StringUtils.php
Expand Up @@ -182,7 +182,8 @@ public static function strValidCharacters($string, $checkType)
$validRegex = '=^[^/?*;:~<>|\"\\\\]+$=';
break;
case 'url':
$validRegex = '/^[\wáàâåäæçéèêîñóòôöõøœúùûüß$&!?() \/%=#:~.@+-]+$/i';
//$validRegex = '/^[\wáàâåäæçéèêîñóòôöõøœúùûüß$&!?() \/%=#:~.@+-]+$/i';
$validRegex = '/\b(?:(?:https?|ftp):\/\/|www\.)[-a-z0-9+&@#\/%?=~_|!:,.;]*[-a-z0-9+&@#\/%=~_|]/i';
break;
case 'phone':
$validRegex = '/^[\d() \/+-]+$/i';
Expand Down
2 changes: 1 addition & 1 deletion adm_program/system/redirect.php
Expand Up @@ -19,7 +19,7 @@
require_once(__DIR__ . '/common.php');

// Initialize and check the parameters
$getUrl = admFuncVariableIsValid($_GET, 'url', 'string', array('requireValue' => true));
$getUrl = admFuncVariableIsValid($_GET, 'url', 'url', array('requireValue' => true));

if (filter_var($getUrl, FILTER_VALIDATE_URL) === false)
{
Expand Down

0 comments on commit 470f534

Please sign in to comment.