From 4e0d00568ebce9fd9348833768b9b0a9c276baff Mon Sep 17 00:00:00 2001
From: Thorsten Eurich
Date: Sat, 1 Jun 2013 21:57:27 +0200
Subject: [PATCH 1/3] less code is better.. use Util:htmlspecialchars instead of a plain htmlspecialchars..
Signed-off-by:Thorsten Eurich
---
 sources/controllers/Post.controller.php | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)
diff --git a/sources/controllers/Post.controller.php b/sources/controllers/Post.controller.php
index f880f5f034..e264c9f353 100644
--- a/sources/controllers/Post.controller.php
+++ b/sources/controllers/Post.controller.php
@@ -431,15 +431,9 @@ function action_post()
 // Are you... a guest?
 if ($user_info['is_guest'])
 {
- $_REQUEST['guestname'] = !isset($_REQUEST['guestname']) ? '' : trim($_REQUEST['guestname']);
- $_REQUEST['email'] = !isset($_REQUEST['email']) ? '' : trim($_REQUEST['email']);
-
- $_REQUEST['guestname'] = htmlspecialchars($_REQUEST['guestname']);
- $context['name'] = $_REQUEST['guestname'];
- $_REQUEST['email'] = htmlspecialchars($_REQUEST['email']);
- $context['email'] = $_REQUEST['email'];
-
- $user_info['name'] = $_REQUEST['guestname'];
+ $context['name'] = !isset($_REQUEST['guestname']) ? '' : Util::htmlspecialchars(trim($_REQUEST['guestname']));
+ $context['email'] = !isset($_REQUEST['email']) ? '' : Util::htmlspecialchars(trim($_REQUEST['email']));
+ $user_info['name'] = $context['name'];
 }
 
 // Only show the preview stuff if they hit Preview.
From a76dde7694e373113de2a5c4ba3ed27e4013a3d5 Mon Sep 17 00:00:00 2001
From: Thorsten Eurich
Date: Sat, 1 Jun 2013 22:06:34 +0200
Subject: [PATCH 2/3] no dirty names and emails here..
Signed-off-by:Thorsten Eurich
---
 sources/controllers/Post.controller.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sources/controllers/Post.controller.php b/sources/controllers/Post.controller.php
index e264c9f353..4ef4e698ab 100644
--- a/sources/controllers/Post.controller.php
+++ b/sources/controllers/Post.controller.php
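Review bot: The rewritten guest block no longer writes the trimmed and escaped values back into `$_REQUEST['guestname']` and `$_REQUEST['email']`, which the removed lines did, so any later read of those keys in action_post now sees the raw, unescaped request value; the tidy-up is a behavioural change, not only fewer lines. Whether anything downstream still reads those keys is not visible from the hunk, since action_post continues past it, but a helper that sanitises input and then drops the sanitised copy is exactly the shape that lets an unescaped string reach storage or output. To keep the old contract, add `$_REQUEST['guestname'] = $context['name'];` and `$_REQUEST['email'] = $context['email'];` after the two assignments, or state in the commit message that the request keys are intentionally left raw.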
@@ -1232,8 +1232,8 @@ function action_post2()
 // If the poster is a guest evaluate the legality of name and email.
 if ($posterIsGuest)
 {
- $_POST['guestname'] = !isset($_POST['guestname']) ? '' : trim($_POST['guestname']);
- $_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);
+ $_POST['guestname'] = !isset($_POST['guestname']) ? '' : Util::htmlspecialchars(trim($_POST['guestname']));
+ $_POST['email'] = !isset($_POST['email']) ? '' : Util::htmlspecialchars(trim($_POST['email']));
 
 if ($_POST['guestname'] == '' || $_POST['guestname'] == '_')
 $post_errors->addError('no_name');
From 1e4330ba6ccbb706d4014cf1b495bfd7028c55cc Mon Sep 17 00:00:00 2001
From: Thorsten Eurich
Date: Sat, 1 Jun 2013 22:38:05 +0200
Subject: [PATCH 3/3] make sure the subject has valid and clean content..
Signed-off-by:Thorsten Eurich
---
 sources/controllers/PersonalMessage.controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sources/controllers/PersonalMessage.controller.php b/sources/controllers/PersonalMessage.controller.php
index 798de0b1ca..e51d7277fc 100644
--- a/sources/controllers/PersonalMessage.controller.php
+++ b/sources/controllers/PersonalMessage.controller.php
@@ -982,7 +982,7 @@ function action_sendmessage2()
 if (!isset($_REQUEST['xml']) && checkSession('post', '', false) != '')
 $post_errors->addError('session_timeout');
- $_REQUEST['subject'] = isset($_REQUEST['subject']) ? trim($_REQUEST['subject']) : '';
+ $_REQUEST['subject'] = isset($_REQUEST['subject']) ? strtr(Util::htmlspecialchars($_POST['subject']), array("\r" => '', "\n" => '', "\t" => '')) : '';
 $_REQUEST['to'] = empty($_POST['to']) ? (empty($_GET['to']) ? '' : $_GET['to']) : $_POST['to'];
 $_REQUEST['bcc'] = empty($_POST['bcc']) ? (empty($_GET['bcc']) ? '' : $_GET['bcc']) : $_POST['bcc'];
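Review bot: The email is now HTML-escaped before the legality checks that follow it (the `no_name` check is visible here; the email check presumably comes later in action_post2, outside the hunk), so the validation sees the entity-encoded string rather than what the user typed: an `&` in the local part arrives as `&amp;`, and a quote may arrive as an entity depending on the flags Util::htmlspecialchars applies, which can reject a legitimate address or accept one whose stored form differs from the one checked. Escaping belongs to the output context; validating the trimmed raw value and escaping only the copy that is stored or echoed keeps the check meaningful. The minimal form is to keep the removed line `$_POST['email'] = !isset($_POST['email']) ? '' : trim($_POST['email']);` here and apply `Util::htmlspecialchars` to `$_POST['email']` after the validation block. The enclosing function action_post2 starts and ends outside the hunk.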