
Commit df75e07

committed
This should fix the backend XSS.
1 parent 5a1daeb commit df75e07


1 file changed

+4
-3
lines changed


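--- a/backend/core/engine/base.php
+++ b/backend/core/engine/base.php
@@ -11,6 +11,7 @@
 * This class implements a lot of functionality that can be extended by a specific action
 *
 * @author Tijs Verkoyen <tijs@sumocoders.be>
+* @author Frederik Heyninck <frederik@figure8.be>
 */
 class BackendBaseAction
 {
@@ -168,21 +169,21 @@ public function execute()
 $this->tpl->assign('report', true);
 
 // camelcase the string
-$messageName = SpoonFilter::toCamelCase($this->getParameter('report'), '-');
+$messageName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('report')), '-');
 
 // if we have data to use it will be passed as the var parameter
 if(!empty($var)) $this->tpl->assign('reportMessage', vsprintf(BL::msg($messageName), $var));
 else $this->tpl->assign('reportMessage', BL::msg($messageName));
 
 // highlight an element with the given id if needed
-if($this->getParameter('highlight')) $this->tpl->assign('highlight', $this->getParameter('highlight'));
+if($this->getParameter('highlight')) $this->tpl->assign('highlight', SpoonFilter::stripHTML($this->getParameter('highlight')));
 }
 
 // is there an error to show?
 if($this->getParameter('error') !== null)
 {
 // camelcase the string
-$errorName = SpoonFilter::toCamelCase($this->getParameter('error'), '-');
+$errorName = SpoonFilter::toCamelCase(SpoonFilter::stripHTML($this->getParameter('error')), '-');
 
 // if we have data to use it will be passed as the var parameter
 if(!empty($var)) $this->tpl->assign('errorMessage', vsprintf(BL::err($errorName), $var));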
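Review bot: Wrapping the `highlight` parameter in `SpoonFilter::stripHTML` removes tags but leaves quotes and other attribute- or script-context characters intact, so if the template writes the value into an attribute or a JavaScript string the injection path is narrowed rather than closed; whether the template escapes it on output is not visible here. Since `highlight` is documented on the preceding comment line as an element id, an allow-list check is the tighter fix: `$highlight = $this->getParameter('highlight');` followed by `if($highlight !== null && preg_match('/^[a-zA-Z0-9_-]+$/', $highlight)) $this->tpl->assign('highlight', $highlight);`. The same reasoning applies to the `report` and `error` parameters in this hunk, which become message keys for `BL::msg`/`BL::err`; if those helpers echo the key back when no translation exists, restricting the key to the characters a locale key can contain is more robust than tag stripping, and escaping at output remains the primary control. The enclosing `execute()` method starts before and continues after this hunk.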
