[jan] Fix XSS vulnerability in Open Document mime viewer with differe…

…nt code path (Reported by: Mahdi Pasche <pasche@b1-systems.de>).
horde · Mar 2, 2022 · d76513a · d76513a
1 parent 0e1da2b
commit d76513a
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/doc/Horde/Mime/Viewer/changelog.yml b/doc/Horde/Mime/Viewer/changelog.yml
@@ -8,8 +8,9 @@
   license:
     identifier: LGPL-2.1
     uri: http://www.horde.org/licenses/lgpl21
-  notes: |+
-    
+  notes: |
+    [jan] Fix XSS vulnerability in Open Document mime viewer with different code path (Reported by: Mahdi Pasche <pasche@b1-systems.de>).
+    |+
 2.2.3:
   api: 2.1.0
   state:

diff --git a/lib/Horde/Mime/Viewer/Ooo.php b/lib/Horde/Mime/Viewer/Ooo.php
@@ -98,7 +98,10 @@ protected function _render()
                 } elseif ($file['name'] == 'content.xml') {
                     return array(
                         $this->_mimepart->getMimeId() => array(
-                            'data' => str_replace(array_keys($tags), array_values($tags), $content),
+                            'data' => Horde_Text_Filter::filter(
+                                str_replace(array_keys($tags), array_values($tags), $content),
+                                'xss'
+                            ),
                             'status' => array(),
                             'type' => 'text/html; charset=UTF-8'
                         )