Hello,
I would like to report a possible XSS vulnerability.
In file classroombookings-master\application\controllers\Weeks.php, in function save_week,
the input 'bgcol' is saved to the DB and passed to the view, where it is printed without sanitization.
```php
$data = array(
    'name'  => $this->input->post('name'),
    'bgcol' => $this->input->post('bgcol'),
);

if ($week_id = $this->weeks_model->insert($data)) {
    //...
}
```
In file classroombookings-master\application\models\Weeks_model.php
```php
public function insert($data)
{
    $data = $this->sleep_values($data);
    $insert = $this->db->insert($this->table, $data);
    return $insert ? $this->db->insert_id() : FALSE;
}
```

```php
public function index()
{
    $this->data['weeks'] = $this->weeks_model->get_all();
    $this->data['title'] = $this->data['showtitle'] = 'Timetable Weeks';
    $body = $this->load->view('weeks/index', $this->data, TRUE);
    $this->data['body'] = $body;
    return $this->render();
}
```

```php
public function get_all()
{
    $query = $this->db->from($this->table)
        ->order_by('name', 'ASC')
        ->get();
    if ($query->num_rows() > 0) {
        $result = $query->result();
        //..
        return $result;
    }
}
```
In file C:\transfer_projects\classroombooking\classroombookings-master\application\views\weeks\index.php
```php
<?php foreach ($weeks as $week) {
    //...
    $dot = week_dot($week);
    echo "<td style='text-align:center'>{$dot}</td>";
    //...
} ?>
```
In file classroombookings-master\application\helpers\week_helper.php
```php
function week_dot($week, $size = 'md')
{
    $col = $week->bgcol;
    $col = str_replace('#', '', $col);
    $col = '#' . $col;
    $out = "<span class='dot dot-week dot-size-{$size}' style='background-color:{$col}'></span>";
    return $out;
}
```
Hello Feras, thanks for reporting this issue. This will be addressed in a future version.
The validation rules for bgcol ensure it is exactly 6-7 characters, which reduces the chances of most attacks.
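The `week_dot()` helper quoted in the report, re-implemented stand-alone as an added example (this is not classroombookings' own code) next to a hardened version, and run on a constructed six-character value that stays inside the 6-7 character window the reply mentions. Assumptions: a six-digit hex colour with an optional leading `#` is the only value the field is meant to hold; the `sm`/`md`/`lg` size suffixes and the fallback colour are invented for the example.

```php
<?php
// Added example, not classroombookings code. Stand-alone re-implementation of the
// week_dot() helper from the report beside a hardened version, so the effect of an
// attacker-chosen bgcol can be seen without loading CodeIgniter.

// The sink as reported: bgcol is interpolated into a single-quoted style attribute
// after only a '#' strip/prepend, with no validation or escaping.
function week_dot_vulnerable($week, $size = 'md')
{
    $col = $week->bgcol;
    $col = str_replace('#', '', $col);
    $col = '#' . $col;
    return "<span class='dot dot-week dot-size-{$size}' style='background-color:{$col}'></span>";
}

// Hardened version. Assumption: a six-digit hex colour (optional leading '#') is the
// only legitimate value, so anything else is replaced by a default. The value is also
// HTML-escaped with ENT_QUOTES because the enclosing attribute is single-quoted.
function week_dot_hardened($week, $size = 'md', $default = '#cccccc')
{
    $col = isset($week->bgcol) ? (string) $week->bgcol : '';
    if (preg_match('/^#?([0-9a-fA-F]{6})$/', $col, $m)) {
        $col = '#' . strtolower($m[1]);
    } else {
        $col = $default;
    }
    // $size lands in a class attribute; allow only known suffixes (sm/md/lg assumed).
    $size = in_array($size, ['sm', 'md', 'lg'], true) ? $size : 'md';
    $col  = htmlspecialchars($col, ENT_QUOTES, 'UTF-8');
    return "<span class='dot dot-week dot-size-{$size}' style='background-color:{$col}'></span>";
}

// Constructed inputs: a legitimate colour, and a six-character value whose first
// character closes the quoted attribute. Six characters is inside the 6-7 length window.
$good = (object) ['name' => 'Week A', 'bgcol' => '#3366cc'];
$bad  = (object) ['name' => 'Week B', 'bgcol' => "'><b>x"];

foreach ([$good, $bad] as $week) {
    echo "input:      " . var_export($week->bgcol, true) . "\n";
    echo "vulnerable: " . week_dot_vulnerable($week) . "\n";
    echo "hardened:   " . week_dot_hardened($week) . "\n\n";
}
```

With the constructed value, the vulnerable helper emits `style='background-color:#'><b>x'></span>`: the attribute and the `<span>` tag are closed and attacker markup follows, which is exactly the breakout the length rule does not prevent. The hardened helper rejects the value at the regex and prints the default colour instead; a length check is a useful second layer but the allow-list on format is what closes the sink.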