Fix stored xss issue in nicedit (sandboxing iframes).
Prevent directory browsing of various resource folders.
Improved UI in homepage.
Ahmad Gneady committed Jul 10, 2021
1 parent cf94cd1 commit 1f1e45f74275e5d879fa81687541e629bbcd6acd
@@ -8,4 +8,5 @@ app/images
!app/images/blank*
*.log
*.cache
*.zip
*.zip
test*.php
@@ -1819,7 +1819,12 @@ function safe_html($str, $noBr = false) {
if($str == strip_tags($str)) return $noBr ? $str : nl2br($str);

$hc = new CI_Input(datalist_db_encoding);
return $hc->xss_clean(bgStyleToClass($str));
$str = $hc->xss_clean(bgStyleToClass($str));

// sandbox iframes
$str = preg_replace('/(<|&lt;)iframe(.*?)(>|&gt;)/i', '$1iframe sandbox $2$3', $str);

return $str;
}
#########################################################
function getLoggedGroupID() {
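Review bot: The sandboxing pattern on the `preg_replace` line only matches an iframe tag that sits on a single line, because `.` does not match a newline without the `s` modifier, so a tag whose attributes continue on a following line is returned without the `sandbox` attribute; `$str = preg_replace('/(<|&lt;)iframe(.*?)(>|&gt;)/is', '$1iframe sandbox $2$3', $str);` closes that gap. preg_replace also returns null on a PCRE failure (for example the backtrack limit on very large input), which would turn safe_html's string return into null; checking the result (`if ($str === null) $str = '';`, or inspecting `preg_last_error()`) keeps that failure explicit instead of silently changing the return type. The `&lt;`/`&gt;` alternatives appear to anticipate that `xss_clean` may have entity-encoded the tag already; a comment such as `// also match iframes that xss_clean has already entity-encoded` would record that intent for the next reader. The body of safe_html begins before this hunk, and the `$str == strip_tags($str)` early return on its first context line is unchanged by the commit.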
@@ -1,6 +1,6 @@
<?php
$appgini_version = '6.0.1145';
$generated_ts = '3/7/2021 11:50:27 PM';
$generated_ts = '10/7/2021 9:10:58 PM';

$currDir = dirname(__FILE__);
require("{$currDir}/incCommon.php");
@@ -124,8 +124,8 @@
<?php if($can_insert && $tChkAHAN !== false && $tChkAHAN !== null) { ?>

<div class="btn-group" style="width: 100%;">
<a style="width: 85%;" class="btn btn-lg <?php echo (!$i ? $block_classes['first']['link'] : $block_classes['other']['link']); ?>" title="<?php echo preg_replace("/&amp;(#[0-9]+|[a-z]+);/i", "&$1;", html_attr(strip_tags($tc['Description']))); ?>" href="<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?>"><?php echo ($tc['tableIcon'] ? '<img src="' . $tc['tableIcon'] . '">' : '');?><strong class="table-caption"><?php echo $tc['Caption']; ?></strong><?php echo $count_badge; ?></a>
<a id="<?php echo $tn; ?>_add_new" style="width: 15%; padding-right: 0.1rem; padding-left: 0.1rem;" class="btn btn-add-new btn-lg <?php echo (!$i ? $block_classes['first']['link'] : $block_classes['other']['link']); ?>" title="<?php echo html_attr($Translation['Add New']); ?>" href="<?php echo $tn; ?>_view.php?addNew_x=1"><i style="vertical-align: bottom;" class="glyphicon glyphicon-plus"></i></a>
<a style="width: calc(100% - 3.5em);" class="btn btn-lg <?php echo (!$i ? $block_classes['first']['link'] : $block_classes['other']['link']); ?>" title="<?php echo preg_replace("/&amp;(#[0-9]+|[a-z]+);/i", "&$1;", html_attr(strip_tags($tc['Description']))); ?>" href="<?php echo $tn; ?>_view.php<?php echo $searchFirst; ?>"><?php echo ($tc['tableIcon'] ? '<img src="' . $tc['tableIcon'] . '">' : '');?><strong class="table-caption"><?php echo $tc['Caption']; ?></strong><?php echo $count_badge; ?></a>
<a id="<?php echo $tn; ?>_add_new" style="width: 3.5em; padding-right: 0.1rem; padding-left: 0.1rem;" class="btn btn-add-new btn-lg <?php echo (!$i ? $block_classes['first']['link'] : $block_classes['other']['link']); ?>" title="<?php echo html_attr($Translation['Add New']); ?>" href="<?php echo $tn; ?>_view.php?addNew_x=1"><i style="vertical-align: bottom;" class="glyphicon glyphicon-plus"></i></a>
</div>
<?php } else { ?>


