Fix stored XSS on dynamic fields configuration
trasher committed Apr 5, 2021
1 parent f54b257 commit 8f3bdd9
Showing 3 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion galette/lib/Galette/DynamicFields/DynamicField.php
Expand Up @@ -698,7 +698,7 @@ public function store($values)

try {
$values = array(
'field_name' => $this->name,
'field_name' => strip_tags($this->name),
'field_perm' => $this->perm,
'field_required' => $this->required,
'field_width' => ($this->width === null ? new Expression('NULL') : $this->width),
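Review bot: Wrapping `$this->name` in strip_tags() at the `'field_name'` write on the added line only cleans names stored from this point on; a row already saved with markup stays as it is, so the change should be paired with a one-off cleanup of existing rows or, preferably, with escaping at render time. strip_tags() is also not an encoder: it removes `<...>` sequences but leaves quotes and other characters that matter in attribute or JavaScript contexts, so every template that prints the name must still escape it, and it is lossy for legitimate names that contain a `<` directly followed by a letter. After the write the in-memory `$this->name` still holds the raw value, so the object and the row disagree until reload; assigning it back first (`$this->name = strip_tags($this->name);` before building `$values`) would keep them consistent. The body of store() starts and ends outside the hunk, so I cannot see whether the name is validated earlier.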
4 changes: 2 additions & 2 deletions galette/lib/Galette/Entity/TranslatableTrait.php
Expand Up @@ -66,9 +66,9 @@ trait TranslatableTrait
public function getName($translated = true)
{
if ($translated === true) {
return _T($this->name);
return _T(strip_tags($this->name));
} else {
return $this->name;
return strip_tags($this->name);
}
}
}
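Review bot: getName() now returns a tag-stripped string even when called with `$translated === false`, which also changes the key handed to `_T()` on the translated path; any caller that used the raw form as a lookup key — the `text_orig` value built from `getName(false)` in configurer_fiche_content.tpl in this same commit is one — will presumably no longer match entries keyed on an original name that contained markup, so the dynamic translation entries should be checked (and cleaned) alongside this change. The stripped value is still not HTML-escaped, so templates have to keep escaping it for their output context; that contract deserves a docblock, e.g. `/** Field name with HTML tags removed (not escaped: callers must still escape for the output context). @param bool $translated return the translated name when true @return string */`. The rest of the trait is outside the hunk.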
10 changes: 5 additions & 5 deletions galette/templates/default/configurer_fiche_content.tpl
Expand Up @@ -27,21 +27,21 @@
class="tooltip action"
>
<i class="fas fa-user-edit fa-fw" aria-hidden="true"></i>
<span class="sr-only">{_T string="Edit '%s' field" pattern="/%s/" replace=$field->getName()}</span>
<span class="sr-only">{_T string="Edit '%s' field" pattern="/%s/" replace=$field->getName()|escape}</span>
</a>
<a
href="{path_for name="dynamicTranslations" data=["text_orig" => {$field->getName(false)|escape}]}"
class="tooltip"
>
<i class="fas fa-language fa-fw" aria-hidden="true"></i>
<span class="sr-only">{_T string="Translate '%s' field" pattern="/%s/" replace=$field->getName()}</span>
<span class="sr-only">{_T string="Translate '%s' field" pattern="/%s/" replace=$field->getName()|escape}</span>
</a>
<a
href="{path_for name="removeDynamicField" data=["form_name" => $form_name, "id" => $field->getId()]}"
class="delete tooltip"
>
<i class="fas fa-trash" aria-hidden="true"></i>
<span class="sr-only">{_T string="Delete '%s' field" pattern="/%s/" replace=$field->getName()}</span>
<span class="sr-only">{_T string="Delete '%s' field" pattern="/%s/" replace=$field->getName()|escape}</span>
</a>
{if $field->getIndex() eq 1}
<i class="fas fa-fw">&nbsp;</i>
Expand All @@ -51,7 +51,7 @@
class="tooltip action"
>
<i class="fas fa-caret-up fa-fw"></i>
<span class="sr-only">{_T string="Move up '%s' field" pattern="/%s/" replace=$field->getName()}</span>
<span class="sr-only">{_T string="Move up '%s' field" pattern="/%s/" replace=$field->getName()|escape}</span>
</a>
{/if}
{if $field->getIndex() eq $fields_list|@count}
Expand All @@ -62,7 +62,7 @@
class="tooltip"
>
<i class="fas fa-caret-down fa-fw"></i>
<span class="sr-only">{_T string="Move down '%s' field" pattern="/%s/" replace=$field->getName()}</span>
<span class="sr-only">{_T string="Move down '%s' field" pattern="/%s/" replace=$field->getName()|escape}</span>
</a>
{/if}
</td>
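Review bot: The `|escape` modifier is now on every `replace=` argument in this section, but the same file still HTML-escapes `$field->getName(false)` inside the `href` on the `dynamicTranslations` line, where a query value needs URL encoding (`|escape:'url'`) rather than HTML entities, unless `path_for` encodes its `data` values itself — that is not visible here. The fix also relies on each author remembering the modifier; if the Smarty build in use supports it, enabling automatic HTML escaping (`$smarty->setEscapeHtml(true)`) would make plain `{$var}` output safe by default, at the cost of auditing the existing explicit `|escape` calls for double encoding. The hunks begin inside `<a>` elements whose opening tags are above the shown lines.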
