Merge pull request from GHSA-ggj4-78rm-6xgv
* fix 【JVN#24381990】XSS vulnerability in File upload Feature

* fix 【JVN#24381990】XSS vulnerability in File upload Feature 2

* admin-secondの対応
ゴンドー committed Oct 26, 2023
1 parent 7555a5c commit eb59775
Showing 8 changed files with 9 additions and 9 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
<?php if ($uploaderCategories): ?>
<?php echo $this->BcForm->input('UploaderFile.uploader_category_id', ['type' => 'select', 'options' => $uploaderCategories, 'empty' => __d('baser', 'カテゴリ指定なし'), 'id' => 'UploaderFileUploaderCategoryId' . $listId, 'style' => 'width:100px']) ?>&nbsp;
<?php endif ?>
<span id="SpanUploadFile<?php echo $listId ?>">
<span id="SpanUploadFile<?php echo h($listId) ?>">
<?php echo $this->BcForm->input('UploaderFile.file', ['type' => 'file', 'id' => 'UploaderFileFile' . $listId, 'class' => 'uploader-file-file', 'div' => false]) ?>
</span>
</div>
Expand All @@ -58,7 +58,7 @@
<?php if ($uploaderCategories): ?>
<?php echo $this->BcForm->input('UploaderFile.uploader_category_id', ['type' => 'select', 'options' => $uploaderCategories, 'empty' => __d('baser', 'カテゴリ指定なし'), 'id' => 'UploaderFileUploaderCategoryId' . $listId]) ?>
<?php endif ?>
<span id="SpanUploadFile<?php echo $listId ?>">
<span id="SpanUploadFile<?php echo h($listId) ?>">
<?php echo $this->BcForm->input('UploaderFile.file', ['type' => 'file', 'id' => 'UploaderFileFile' . $listId, 'class' => 'uploader-file-file', 'div' => false]) ?>
</span>
</div>
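Review bot: The `h()` on the span id covers one sink, but the same `$listId` is still concatenated raw into the `id` options of the two BcForm->input calls in this hunk (`'id' => 'UploaderFileUploaderCategoryId' . $listId` and `'id' => 'UploaderFileFile' . $listId`). CakePHP's FormHelper HTML-escapes attribute values unless `escape => false` is passed, so these are probably safe, but that relies on BcForm's defaults rather than on anything visible in this template and is worth confirming. If `$listId` is always a numeric index, normalising it once where it is assigned (e.g. `$listId = (int)$listId;` before the markup) would close every sink in the file at once; if it can legitimately be an empty suffix, stay with per-sink escaping. The enclosing markup opens before the hunk, and the second hunk in this file repeats the same pattern.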
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
<?php if ($uploaderCategories): ?>
<?php echo $this->BcForm->input('UploaderFile.uploader_category_id', ['type' => 'select', 'options' => $uploaderCategories, 'empty' => __d('baser', 'カテゴリ指定なし'), 'id' => 'UploaderFileUploaderCategoryId' . $listId]) ?>&nbsp;
<?php endif ?>
<span id="SpanUploadFile<?php echo $listId ?>">
<span id="SpanUploadFile<?php echo h($listId) ?>">
<?php echo $this->BcForm->input('UploaderFile.file', ['type' => 'file', 'id' => 'UploaderFileFile' . $listId, 'class' => 'uploader-file-file', 'div' => false]) ?>
</span>
</div>
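Review bot: `$listId` still flows unescaped into `'id' => 'UploaderFileFile' . $listId` on the line after the fixed span and into the select's id above it, so this hunk relies on BcForm->input escaping attribute values for two of its three sinks; that is the CakePHP FormHelper default, but it should be confirmed for BcForm. This also appears to be one of five near-identical copies of the same upload markup touched by this commit; moving the block into one shared element would have made this a single-line fix and stops the copies drifting apart on the next advisory. The opening `<div>` and the assignment of `$listId` are outside the hunk.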
Original file line number Diff line number Diff line change
Expand Up @@ -15,4 +15,4 @@
*/
?>
<h2><?php echo h($feedConfig['FeedConfig']['name']); ?></h2>
<?php echo $this->BcBaser->js('/feed/ajax/' . $id) ?>
<?php echo $this->BcBaser->js('/feed/ajax/' . h($id)) ?>
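Review bot: `h()` HTML-escapes `$id`, but on this line the value is a URL path segment inside a `<script src>`; `h()` leaves `/`, `?`, `#` and `%` untouched, so while it blocks breaking out of the attribute (the reported XSS), it does not prevent path or query manipulation of the request sent to `/feed/ajax/`. The encoder for this context is `rawurlencode($id)`, or, if feed config ids are numeric, simply `(int)$id`. Also check whether BcBaser->js already HTML-escapes the `src` attribute (CakePHP 2's Helper::url passes URLs through `h()`), in which case the added `h()` double-encodes legitimate characters such as `&`.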
2 changes: 1 addition & 1 deletion lib/Baser/Plugin/Feed/View/FeedConfigs/admin/preview.php
Expand Up @@ -15,4 +15,4 @@
*/
?>
<h2><?php $this->BcBaser->contentsTitle() ?></h2>
<?php echo $this->BcBaser->js('/feed/ajax/' . $id) ?>
<?php echo $this->BcBaser->js('/feed/ajax/' . h($id)) ?>
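Review bot: Same context mismatch as in the public feed view: `$id` is a URL path segment here, and `h()` only neutralises HTML metacharacters, not `/`, `?`, `#` or `%`. Both this admin preview and the public view build the same `/feed/ajax/` URL from `$id`, so validating it once in the controller action that sets it (an integer cast or a whitelist) would be more robust than escaping in each template; failing that, `rawurlencode($id)` is the correct per-context encoder on this line. If BcBaser->js already HTML-escapes the attribute, the extra `h()` will double-encode.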
2 changes: 1 addition & 1 deletion lib/Baser/Plugin/Mail/View/Helper/MaildataHelper.php
Expand Up @@ -95,7 +95,7 @@ public function toDisplayString($type, $value, $prefixSpace = true)
$this->BcBaser->getImg($link, ['width' => 400]), $link, ['target' => '_blank']
);
} else {
$result = $this->BcBaser->getLink($file, $link);
$result = $this->BcBaser->getLink($file, $link, ['escape' => true]);
}
break;

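Review bot: `escape => true` fixes the text-link branch, but the image branch two lines up (`$this->BcBaser->getLink($this->BcBaser->getImg($link, ['width' => 400]), $link, ['target' => '_blank'])`) still passes `$link` into an `<img src>` and an `<a href>` with no escape option, and the fact that this fix was needed suggests BcBaser's getLink does not escape by default. If `$link` is derived from the stored attachment name (its assignment is above the hunk) it deserves the same treatment; note the title there is markup, so only the attributes may be escaped (CakePHP's `escapeTitle => false` split, if BcBaser supports it). Adding `'rel' => 'noopener'` next to `target => '_blank'` would be cheap while touching that line. toDisplayString begins and ends outside the hunk.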
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
<?php if ($uploaderCategories): ?>
<?php echo $this->BcForm->input('UploaderFile.uploader_category_id', ['type' => 'select', 'options' => $uploaderCategories, 'empty' => __d('baser', 'カテゴリ指定なし'), 'id' => 'UploaderFileUploaderCategoryId' . $listId, 'style' => 'width:100px']) ?>&nbsp;
<?php endif ?>
<span id="SpanUploadFile<?php echo $listId ?>">
<span id="SpanUploadFile<?php echo h($listId) ?>">
<?php echo $this->BcForm->input('UploaderFile.file', ['type' => 'file', 'id' => 'UploaderFileFile' . $listId, 'class' => 'uploader-file-file', 'div' => false]) ?>
</span>
</div>
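Review bot: As in the other uploader templates, the span id is now escaped while `$listId` is still concatenated raw into the `id` options of both BcForm->input calls in this hunk; whether those are safe depends on BcForm keeping FormHelper's default attribute escaping, which this file cannot guarantee. Normalising `$listId` once at the point it is assigned (outside the hunk) would be a stronger fix than escaping one sink per template. The enclosing markup starts before the hunk.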
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@
<?php if ($uploaderCategories): ?>
<?php echo $this->BcForm->input('UploaderFile.uploader_category_id', ['type' => 'select', 'options' => $uploaderCategories, 'empty' => __d('baser', 'カテゴリ指定なし'), 'id' => 'UploaderFileUploaderCategoryId' . $listId]) ?>&nbsp;
<?php endif ?>
<span id="SpanUploadFile<?php echo $listId ?>">
<span id="SpanUploadFile<?php echo h($listId) ?>">
<?php echo $this->BcForm->input('UploaderFile.file', ['type' => 'file', 'id' => 'UploaderFileFile' . $listId, 'class' => 'uploader-file-file', 'div' => false]) ?>
</span>
</div>
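Review bot: This hunk again escapes only the span id, leaving `'id' => 'UploaderFileFile' . $listId` and the select id to BcForm->input's own attribute escaping; worth confirming once for BcForm and, if `$listId` is numeric, casting it where it is set so all five copies of this markup are covered. Given how many identical templates this commit touches, a short comment at the top of each, `<?php // $listId is echoed into several attributes: keep it escaped or validated ?>`, would help the next maintainer avoid reintroducing the issue. The opening `<div>` is outside the hunk.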
2 changes: 1 addition & 1 deletion lib/Baser/View/Helper/BcUploadHelper.php
Expand Up @@ -141,7 +141,7 @@ public function fileLink($fieldName, $options = [])
if (is_array($options['link'])) {
$linkOptions = array_merge($linkOptions, $options['link']);
}
$out = $this->Html->tag('figure', $this->Html->link(__d('baser', 'ダウンロード') . '', $filePath, $linkOptions) . '<br>' . $this->Html->tag('figcaption', mb_basename($value), $figcaptionOptions), $figureOptions);
$out = $this->Html->tag('figure', $this->Html->link(__d('baser', 'ダウンロード') . '', $filePath, $linkOptions) . '<br>' . $this->Html->tag('figcaption', h(mb_basename($value)), $figcaptionOptions), $figureOptions);
}
} else {
$out = $value;
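Review bot: The figcaption is now escaped, but `$value` is still assigned raw to `$out` in the `else` branch visible at the end of the hunk (`$out = $value;`); if that branch can be reached with a user-supplied filename or field value rather than pre-rendered markup, it is the same class of sink as the figcaption. The condition selecting that branch is above the hunk, so it may be intentional, but it deserves either `$out = h($value);` or a comment stating why the value is trusted there. `$filePath` in the download href goes through HtmlHelper::link, which in CakePHP 2 passes the URL through `h()`, so that attribute is covered. fileLink begins and ends outside the hunk.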
