Security: Remove "Security::remove_XSS", fix htmleditor get value
Related:

099ec41
jmontoyaa committed Nov 20, 2018
1 parent b3fa8b0 commit d9c37bf1f3e43b67b4f5b54938af2c45a51db309
Showing with 41 additions and 18 deletions.
  1. +5 −3 main/inc/ajax/agenda.ajax.php
  2. +6 −7 main/inc/lib/formvalidator/Element/HtmlEditor.php
  3. +30 −8 main/inc/lib/pear/HTML/QuickForm/element.php
@@ -1,8 +1,10 @@
<?php
/* For licensing terms, see /license.txt */

/**
* Responses to AJAX calls.
*/

$type = isset($_REQUEST['type']) && in_array($_REQUEST['type'], ['personal', 'course', 'admin']) ? $_REQUEST['type'] : 'personal';

if ($type == 'personal') {
@@ -28,9 +30,9 @@
break;
}
$add_as_announcement = isset($_REQUEST['add_as_annonuncement']) ? $_REQUEST['add_as_annonuncement'] : null;
$title = isset($_REQUEST['title']) ? Security::remove_XSS($_REQUEST['title']) : null;
$content = isset($_REQUEST['content']) ? Security::remove_XSS($_REQUEST['content']) : null;
$comment = isset($_REQUEST['comment']) ? Security::remove_XSS($_REQUEST['comment']) : null;
$title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null;
$content = isset($_REQUEST['content']) ? $_REQUEST['content'] : null;
$comment = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : null;
$userToSend = isset($_REQUEST['users_to_send']) ? $_REQUEST['users_to_send'] : [];

echo $agenda->addEvent(
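Review bot: `$title`, `$content` and `$comment` now go from `$_REQUEST` straight into `$agenda->addEvent(`, so the only filtering visible in this file is gone and whatever the client sent is what gets stored. The commit moves escaping to the form element's render side (`getCleanValue()` in element.php), which covers the HTML editor and frozen output but not any other place the stored event text is printed; unless `addEvent()` (outside the hunk) filters or every read path escapes, this is a stored-XSS regression relative to the removed lines. If render-time escaping is the intended contract, record it here, e.g. `// raw request input: escaping is applied when the value is rendered (HTML_QuickForm_element::getCleanValue)`. The `addEvent()` argument list continues past the hunk.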
@@ -31,7 +31,7 @@ public function __construct(
$config = []
) {
if (empty($name)) {
return false;
throw new \Exception('Name is required');
}

parent::__construct($name, $elementLabel, $attributes);
@@ -54,9 +54,9 @@ public function __construct(
*/
public function toHtml()
{
$value = Security::remove_XSS($this->getValue());
if ($this->editor) {
if ($this->editor->getConfigAttribute('fullPage')) {
$value = $this->getValue();
if (strlen(trim($value)) == 0) {
// TODO: To be considered whether here to add
// language and character set declarations.
@@ -70,10 +70,9 @@ public function toHtml()
return $this->getFrozenHtml();
} else {
$styleCss = $this->editor->getConfigAttribute('style');
$style = false;
if ($styleCss) {
$style = true;
} else {
$style = false;
}

return $this->buildEditor($style);
@@ -87,7 +86,7 @@ public function toHtml()
*/
public function getFrozenHtml()
{
return $this->getValue();
return $this->getCleanValue();
}

/**
@@ -99,9 +98,9 @@ public function buildEditor($style = false)
{
$result = '';
if ($this->editor) {
$this->editor->value = Security::remove_XSS($this->getValue());
$this->editor->value = $this->getCleanValue();
$this->editor->setName($this->getName());
if ($style == true) {
if ($style === true) {
$result = $this->editor->createHtmlStyle();
} else {
$result = $this->editor->createHtml();
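Review bot: `throw new \Exception('Name is required');` in the constructor hunk uses the base exception type, so a caller that wants to handle a missing name has to catch every exception; `throw new \InvalidArgumentException('Name is required');` names the failure and keeps the message. The `empty($name)` guard on the line above also rejects the element name `'0'`, which the throw now turns into a hard failure instead of a silently ignored `return false`; the constructor continues outside the hunk. In `toHtml()` (second hunk) the new `$value = $this->getValue();` is the unescaped value, and within the visible lines it only feeds the `strlen(trim($value)) == 0` test while `buildEditor()` now hands `getCleanValue()` to the editor; if that holds for the rest of `toHtml()`, which runs past the hunk, a comment such as `// unescaped: only used for the emptiness check, the editor receives getCleanValue()` would make the split explicit.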
@@ -253,12 +253,30 @@ public function setValue($value)
*/
public function getValue()
{
// interface
return null;
} // end func getValue
}

// }}}
// {{{ freeze()
/**
* @return string
*/
public function getCleanValue()
{
$value = $this->cleanValueFromParameter($this->getValue());

return $value;
}

/**
* @param string $value
*
* @return string
*/
public function cleanValueFromParameter($value)
{
$value = @htmlspecialchars($value, ENT_COMPAT, HTML_Common::charset());


aragonc Nov 20, 2018

Member

Esto rompe todos los contenidos de documento HTML subidos por Documentos y adjuntados dentro de un SCORM: en Chamilo ya no se pueden editar ni dar formato a las correcciones desde el mismo Chamilo. 😑

Todos los cursos CHAPA y CHACOBU del campus Chamilo fueron afectados después de este cambio.

Adjunto captura.

contenido_curso_chapa


jmontoyaa Nov 21, 2018

Author Member

campus chamilo está actualizado a 1.11.x??


jmontoyaa Nov 21, 2018

Author Member

Acabo de enviar unas correcciones; ahora debería funcionar.


jmontoyaa Nov 21, 2018

Author Member

Acabo de actualizar campus.chamilo y ahora funciona el html se ve correctamente


return $value;
}

/**
* Freeze the element so that only its value is returned
@@ -302,12 +320,16 @@ public function getFrozenHtml()
// Modified by Ivan Tcholakov, 16-MAR-2010.
//return ('' != $value? htmlspecialchars($value): '&nbsp;') .
// $this->_getPersistantData();
if (!empty($value)) {
$value = $this->getCleanValue();
} else {
$value = '&nbsp;';
}

$value .= $this->_getPersistantData();

$value = ('' != $value ? @htmlspecialchars($value, ENT_COMPAT, HTML_Common::charset()): '&nbsp;') .
$this->_getPersistantData();
return '<span class="freeze">'.$value.'</span>';
//
} //end func getFrozenHtml
}

/**
* Used by getFrozenHtml() to pass the element's value if _persistantFreeze is on
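Review bot: `if (!empty($value)) {` in the `getFrozenHtml()` hunk treats the string `'0'` as empty, so a frozen element whose value is `"0"` now renders as `&nbsp;` where the replaced `'' != $value` test rendered it; `if ((string) $value !== '') {` keeps the new structure without that regression. `getFrozenHtml()` starts above the hunk, so where `$value` is assigned is not visible here. In the first hunk, `cleanValueFromParameter()` escapes with `ENT_COMPAT`, which leaves single quotes untouched, so its result is only safe in element content or double-quoted attributes; `ENT_QUOTES | ENT_SUBSTITUTE` would also cover single-quoted attributes and replace invalid byte sequences instead of yielding an empty string, and the `@` in front of `htmlspecialchars` should go so that whatever it currently hides is reported rather than silently turned into empty output.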
