
Fix stored XSS issue in NicEdit (sandboxing iframes).
Prevent directory browsing of various resource folders.
Improved UI in homepage.
Ahmad Gneady committed Jul 10, 2021
1 parent cf94cd1 commit 1f1e45f
Showing 8 changed files with 12 additions and 6 deletions.
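--- a/.gitignore
+++ b/.gitignore
@@ -8,4 +8,5 @@ app/images
 !app/images/blank*
 *.log
 *.cache
-*.zip
+*.zip
+test*.php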
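--- a/app/admin/incFunctions.php
+++ b/app/admin/incFunctions.php
@@ -1819,7 +1819,12 @@ function safe_html($str, $noBr = false) {
 if($str == strip_tags($str)) return $noBr ? $str : nl2br($str);
 
 $hc = new CI_Input(datalist_db_encoding);
-return $hc->xss_clean(bgStyleToClass($str));
+$str = $hc->xss_clean(bgStyleToClass($str));
+
+// sandbox iframes
+$str = preg_replace('/(<|&lt;)iframe(.*?)(>|&gt;)/i', '$1iframe sandbox $2$3', $str);
+
+return $str;
 }
 #########################################################
 function getLoggedGroupID() {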
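Review bot: The iframe pattern on the added `$str = preg_replace(...)` line uses `/i` without `/s`, so `.*?` does not cross a newline and an `<iframe` tag whose attributes continue on a following line is returned without the `sandbox` attribute. Adding the `s` modifier closes that gap: `$str = preg_replace('/(<|&lt;)iframe(.*?)(>|&gt;)/is', '$1iframe sandbox $2$3', $str);`. `preg_replace` also returns null on a PCRE error such as a backtrack-limit hit, and the function would then hand null to callers expecting a string; appending `?? ''` to the result, or checking `preg_last_error()`, keeps the return type stable. A short comment that an existing `sandbox="..."` attribute is overridden because the injected bare `sandbox` comes first and HTML parsers keep the first of duplicate attributes would document the intent, though that reliance on parser behavior should be confirmed. safe_html's opening line is outside the hunk.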
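--- a/app/admin/pageServerStatus.php
+++ b/app/admin/pageServerStatus.php
@@ -1,6 +1,6 @@
 <?php
 $appgini_version = '6.0.1145';
-$generated_ts = '3/7/2021 11:50:27 PM';
+$generated_ts = '10/7/2021 9:10:58 PM';
 
 $currDir = dirname(__FILE__);
 require("{$currDir}/incCommon.php");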
4 changes: 2 additions & 2 deletions app/home.php
Expand Up @@ -124,8 +124,8 @@
<?php if($can_insert && $tChkAHAN !== false && $tChkAHAN !== null) { ?>

<div class="btn-group" style="width: 100%;">
<a style="width: 85%;" class="btn btn-lg <?php echo (!$i ? $block_classes['first']['link'] : $block_classes['other']['link']); ?>" title="<?php echo preg_replace("/&amp;(#[0-9]+|[a-z]+);/i", "&$1;", html_attr(strip_tags($tc['Description']))); ?>" href="<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?>"><?php echo ($tc['tableIcon'] ? '<img src="' . $tc['tableIcon'] . '">' : '');?><strong class="table-caption"><?php echo $tc['Caption']; ?></strong><?php echo $count_badge; ?></a>
<a id="<?php echo $tn; ?>_add_new" style="width: 15%; padding-right: 0.1rem; padding-left: 0.1rem;" class="btn btn-add-new btn-lg <?php echo (!$i ? $block_classes['first']['link'] : $block_classes['other']['link']); ?>" title="<?php echo html_attr($Translation['Add New']); ?>" href="<?php echo $tn; ?>_view.php?addNew_x=1"><i style="vertical-align: bottom;" class="glyphicon glyphicon-plus"></i></a>
<a style="width: calc(100% - 3.5em);" class="btn btn-lg <?php echo (!$i ? $block_classes['first']['link'] : $block_classes['other']['link']); ?>" title="<?php echo preg_replace("/&amp;(#[0-9]+|[a-z]+);/i", "&$1;", html_attr(strip_tags($tc['Description']))); ?>" href="<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?>"><?php echo ($tc['tableIcon'] ? '<img src="' . $tc['tableIcon'] . '">' : '');?><strong class="table-caption"><?php echo $tc['Caption']; ?></strong><?php echo $count_badge; ?></a>
<a id="<?php echo $tn; ?>_add_new" style="width: 3.5em; padding-right: 0.1rem; padding-left: 0.1rem;" class="btn btn-add-new btn-lg <?php echo (!$i ? $block_classes['first']['link'] : $block_classes['other']['link']); ?>" title="<?php echo html_attr($Translation['Add New']); ?>" href="<?php echo $tn; ?>_view.php?addNew_x=1"><i style="vertical-align: bottom;" class="glyphicon glyphicon-plus"></i></a>
</div>
<?php } else { ?>

Expand Down
Empty file.
Empty file.
Empty file added app/resources/moment/index.html
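Review bot: An empty `index.html` in `app/resources/moment/` only suppresses the directory listing on servers that serve an index file in preference to autoindex; with a different index-file configuration, or when the folder is reached through a path that bypasses it, the listing is exposed again. A server-level control (`Options -Indexes` for Apache, `autoindex off` for nginx) or a deny rule on the resource folders is the more reliable fix, with the placeholder files kept as a fallback. The same applies to the other empty files added in this commit.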
Empty file.
2 changes: 1 addition & 1 deletion orpm.axp

