
avoid xss attack on user picture

orthagh authored and trasher committed Jun 20, 2019
1 parent 6189eee commit c2aa7a7cd6af28be3809acc7e7842d2d2008c0fb
Showing with 17 additions and 0 deletions.
  1. +17 −0 inc/user.class.php
@@ -550,6 +550,11 @@ function prepareInputForAdd($input) {
return false;
}
// avoid xss (picture field is autogenerated)
if (isset($input['picture'])) {
$input['picture'] = 'NULL';
}
if (!isset($input["authtype"])) {
$input["authtype"] = Auth::DB_GLPI;
}
@@ -681,6 +686,11 @@ function post_addItem() {
function prepareInputForUpdate($input) {
global $CFG_GLPI;
// avoid xss (picture field is autogenerated)
if (isset($input['picture'])) {
$input['picture'] = 'NULL';
}
//picture manually uploaded by user
if (isset($input["_blank_picture"]) && $input["_blank_picture"]) {
self::dropPictureFiles($this->fields['picture']);
@@ -2004,6 +2014,7 @@ function showForm($ID, array $options = []) {
}
if (!empty($this->fields["name"])) {
echo "<td rowspan='4'>" . __('Picture') . "</td>";
echo "<td rowspan='4'>";
echo "<div class='user_picture_border_small' id='picture$rand'>";
@@ -4853,6 +4864,9 @@ static function checkDefaultPasswords() {
static function getURLForPicture($picture) {
global $CFG_GLPI;
// prevent xss
$picture = Html::cleanInputText($picture);
if (!empty($picture)) {
return $CFG_GLPI["root_doc"]."/front/document.send.php?file=_pictures/$picture";
}
@@ -4872,6 +4886,9 @@ static function getURLForPicture($picture) {
static function getThumbnailURLForPicture($picture) {
global $CFG_GLPI;
// prevent xss
$picture = Html::cleanInputText($picture);
if (!empty($picture)) {
$tmp = explode(".", $picture);
if (count($tmp) ==2) {
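Review bot: The `Html::cleanInputText($picture)` call added before `return $CFG_GLPI["root_doc"]."/front/document.send.php?file=_pictures/$picture";` applies what the `// prevent xss` comment suggests is HTML-oriented escaping to a value that is spliced into a URL query string, which is a different escaping context: `&` or quotes in the name become entity sequences inside the `file=` parameter, while characters that matter in a URL (`?`, `#`, `%`, `/`) pass through untouched. The context-appropriate step is to URL-encode the value here and leave HTML escaping to the point where the URL is echoed, e.g. `"/front/document.send.php?file=_pictures/" . rawurlencode($picture)` (per path segment if the stored name may contain `/`). The same applies to `getThumbnailURLForPicture` in the last hunk, where the escaped value is additionally fed to `explode(".", $picture)`. Both functions continue past their hunks, so the remaining return paths are not visible here.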
