
Security: Fix XSS vulnerability in agenda - see security report 28 - …

…additions
ywarnier committed Nov 15, 2018
1 parent 1d68026 commit 099ec4117ed4aa6bd966f1928718fe69a0773723
Showing with 21 additions and 5 deletions.
  1. +9 −5 main/inc/ajax/agenda.ajax.php
  2. +12 −0 main/inc/lib/agenda.lib.php
@@ -19,22 +19,26 @@
}
$agenda = new Agenda($type);
// get filtered type
$type = $agenda->getType();
switch ($action) {
case 'add_event':
if (!$agenda->getIsAllowedToEdit()) {
break;
}
$add_as_announcement = isset($_REQUEST['add_as_annonuncement']) ? $_REQUEST['add_as_annonuncement'] : null;
$comment = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : null;
$title = isset($_REQUEST['title']) ? Security::remove_XSS($_REQUEST['title']) : null;
$content = isset($_REQUEST['content']) ? Security::remove_XSS($_REQUEST['content']) : null;
$comment = isset($_REQUEST['comment']) ? Security::remove_XSS($_REQUEST['comment']) : null;
$userToSend = isset($_REQUEST['users_to_send']) ? $_REQUEST['users_to_send'] : [];
echo $agenda->addEvent(
$_REQUEST['start'],
$_REQUEST['end'],
$_REQUEST['all_day'],
$_REQUEST['title'],
$_REQUEST['content'],
$title,
$content,
$userToSend,
$add_as_announcement,
null, //$parentEventId = null,
@@ -54,8 +58,8 @@
$_REQUEST['start'],
$_REQUEST['end'],
$_REQUEST['all_day'],
$_REQUEST['title'],
$_REQUEST['content']
$title,
$content
);
break;
case 'delete_event':
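Review bot: The second hunk passes `$title` and `$content` to the edit call, but the only assignments of those variables visible on the page are inside the `add_event` branch (first hunk), and the `case` enclosing the second hunk begins outside it; unless that branch assigns them as well, an edit request reaches this call with both variables undefined and stores null for the title and content. The same two filtered assignments, `$title = isset($_REQUEST['title']) ? Security::remove_XSS($_REQUEST['title']) : null;` and `$content = isset($_REQUEST['content']) ? Security::remove_XSS($_REQUEST['content']) : null;`, would need to precede the call in that branch. In the first hunk, `start`, `end` and `all_day` are still read straight from `$_REQUEST`; whether addEvent validates them is not visible here, so a one-line comment recording that assumption at the call site would help the next reader. Keep in mind that remove_XSS is an input filter applied before storage; the rendering code that outputs these fields is still where escaping for the HTML context has to happen.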
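--- a/main/inc/lib/agenda.lib.php
+++ b/main/inc/lib/agenda.lib.php
@@ -160,6 +160,18 @@ public function setType($type)
 }
 }
+/**
+* Returns the type previously set (and filtered) through setType
+* If setType() was not called, then type defaults to "personal" as
+* set in the class definition.
+*/
+public function getType()
+{
+if (isset($this->type)) {
+return $this->type;
+}
+}
 /**
 * @param int $id
 */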
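Review bot: getType's docblock says the type defaults to "personal" from the class definition, but the body returns nothing (implicitly null) when `$this->type` is not set, so either the `isset` guard is dead code or the documented default does not hold; the property declaration is outside the hunk, so I cannot tell which. If the property is always initialised, the method reduces to `return $this->type;`; otherwise the docblock should say `@return string|null` so callers know to handle the null. Either way an explicit `@return string` (or `string|null`) tag would make the contract clear for callers such as the ajax handler's `$type = $agenda->getType();` in the other file of this commit.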
