fix: [userSettings] Perform URI validation for bookmarks
- As reported by Dawid Czarnecki from Zigrin Security
mokaddem committed Feb 7, 2022
1 parent dfb8d73 commit 14ec995
Showing 3 changed files with 36 additions and 7 deletions.
14 changes: 14 additions & 0 deletions src/Model/Table/UserSettingsTable.php
Expand Up @@ -135,4 +135,18 @@ public function deleteBookmark($user, $data)
}
return $result;
}

/**
* validURI - Ensure the provided URI can be safely put as a link
*
* @param String $uri
* @return bool if the URI is safe to be put as a link
*/
public function validURI(String $uri): bool
{
$parsed = parse_url($uri);
$isLocalPath = empty($parsed['scheme']) && empty($parsed['domain']) && !empty($parsed['path']);
$isValidURL = !empty($parsed['scheme']) && in_array($parsed['scheme'], ['http', 'https']) && filter_var($uri, FILTER_SANITIZE_URL);
return $isLocalPath || $isValidURL;
}
}
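Review bot: `filter_var($uri, FILTER_SANITIZE_URL)` on line 28 does not validate anything: the sanitize filter returns the stripped string, which is truthy for almost any non-empty input, so the scheme allowlist is the only check that actually bites; the validating filter is `filter_var($uri, FILTER_VALIDATE_URL) !== false`. On line 27, `parse_url()` never produces a `domain` key (the authority part is returned as `host`), so the local-path branch also accepts scheme-less URIs that carry a host, e.g. protocol-relative links, and the intended check is `empty($parsed['host'])`. `parse_url()` returns `false` on badly malformed input, which the `empty()` calls silently read as "no scheme, no path"; an explicit `if ($parsed === false) { return false; }` after line 26 makes that rejection deliberate rather than accidental. Minor: `in_array($parsed['scheme'], ['http', 'https'], true)` and a lowercase `string` type in the signature.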
20 changes: 15 additions & 5 deletions templates/Instance/home.php
@@ -1,5 +1,9 @@
<?php

use Cake\ORM\TableRegistry;

$bookmarks = !empty($loggedUser->user_settings_by_name['ui.bookmarks']['value']) ? json_decode($loggedUser->user_settings_by_name['ui.bookmarks']['value'], true) : [];
$this->userSettingsTable = TableRegistry::getTableLocator()->get('UserSettings');
?>

<h3>
Expand All @@ -9,18 +13,24 @@
<?= __('Bookmarks') ?>
</h3>
<div class="row">
<?php if (!empty($bookmarks)): ?>
<?php if (!empty($bookmarks)) : ?>
<ul class="col-sm-12 col-md-10 col-l-8 col-xl-8 mb-3">
<?php foreach ($bookmarks as $bookmark) : ?>
<li class="list-group-item">
<a href="<?= h($bookmark['url']) ?>" class="w-bold">
<?= h($bookmark['label']) ?>
</a>
<?php if ($this->userSettingsTable->validURI($bookmark['url'])): ?>
<a href="<?= h($bookmark['url']) ?>" class="w-bold">
<?= h($bookmark['label']) ?>
</a>
<?php else: ?>
<span class="w-bold">
<?= h($bookmark['url']) ?>
</span>
<?php endif; ?>
<span class="ms-3 fw-light"><?= h($bookmark['name']) ?></span>
</li>
<?php endforeach; ?>
</ul>
<?php else: ?>
<?php else : ?>
<p class="fw-light"><?= __('No bookmarks') ?></p>
<?php endif; ?>
</div>
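Review bot: `$bookmark['url']` is passed straight into `validURI(String $uri)` on line 55, yet the bookmark list is decoded from a user-supplied setting in the first hunk, so an entry without a `url` key yields `null`, and a non-nullable string parameter then throws a TypeError that breaks the whole home page for that user; `$this->userSettingsTable->validURI($bookmark['url'] ?? '')` keeps the page rendering, since an empty string fails validation and falls through to the plain-text branch. Assigning the table onto the view as `$this->userSettingsTable` (line 39 in the first hunk) creates a dynamic property on the View object; moving the validity check into the controller or a small view helper would keep the template free of ORM lookups.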
9 changes: 7 additions & 2 deletions templates/element/layouts/sidebar/bookmark-entry.php
@@ -1,5 +1,8 @@
<?php
use Cake\Routing\Router;
use Cake\ORM\TableRegistry;

$this->userSettingsTable = TableRegistry::getTableLocator()->get('UserSettings');

$seed = 'sb-' . mt_rand();
$icon = $entry['icon'] ?? '';
Expand All @@ -14,6 +17,8 @@
$active = true;
}

$validURI = $this->userSettingsTable->validURI($url);

echo $this->Bootstrap->button([
'nodeType' => 'a',
'text' => h($label),
Expand All @@ -22,9 +27,9 @@
'outline' => !$active,
'size' => 'sm',
'icon' => h($icon),
'class' => ['mb-1'],
'class' => ['mb-1', !$validURI ? 'disabled' : ''],
'params' => [
'href' => h($url),
'href' => $validURI ? h($url) : '#',
]
]);
?>
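Review bot: `!$validURI ? 'disabled' : ''` on line 98 pushes an empty string into the class list for every valid bookmark; `'class' => $validURI ? ['mb-1'] : ['mb-1', 'disabled'],` expresses the intent without the stray element (assuming the Bootstrap helper joins the array with spaces — confirm). The `$url` handed to `validURI()` in the previous hunk (line 88) is defined outside these hunks; if it can be absent from `$entry`, the non-nullable string parameter will throw a TypeError, so guarding with `$url ?? ''` is worth considering. Invalid entries still render the label as a `#` anchor, which is not obvious from the call site; a short comment such as `// Unsafe URIs are rendered as an inert, disabled button rather than a link` before line 90 would document the fallback.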
