Resolvido issues do XSS
paulones committed Aug 28, 2022
1 parent 8441584 commit 7e311be
Showing 7 changed files with 281 additions and 245 deletions.
4 changes: 2 additions & 2 deletions app/controllers/ClassesController.php
Expand Up @@ -301,14 +301,14 @@ function actionGetDisciplines()
left join instructor_identification ii on t.instructor_fk = ii.id
where ii.users_fk = " . Yii::app()->user->loginInfos->id . " and t.classroom_id_fk = " . $crid . " order by d.name")->queryAll();
foreach ($disciplines as $discipline) {
echo CHtml::tag('option', array('value' => $discipline['id']), CHtml::encode($disciplinesLabels[$discipline['id']]), true);
echo htmlspecialchars(CHtml::tag('option', array('value' => $discipline['id']), CHtml::encode($disciplinesLabels[$discipline['id']]), true));
}
} else {
echo CHtml::tag('option', array('value' => ""), CHtml::encode('Selecione a disciplina'), true);
$classr = Yii::app()->db->createCommand("select distinct discipline_fk from schedule join edcenso_discipline on edcenso_discipline.id = schedule.discipline_fk where classroom_fk = " . $crid . " order by edcenso_discipline.name")->queryAll();
foreach ($classr as $i => $discipline) {
if (isset($discipline['discipline_fk'])) {
echo CHtml::tag('option', array('value' => $discipline['discipline_fk']), CHtml::encode($disciplinesLabels[$discipline['discipline_fk']]), true);
echo htmlspecialchars(CHtml::tag('option', array('value' => $discipline['discipline_fk']), CHtml::encode($disciplinesLabels[$discipline['discipline_fk']]), true));
}
}
}
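Review bot: Wrapping the `<option>` markup in `htmlspecialchars()` on the two changed echo lines does not remove any XSS exposure, because the label is already passed through `CHtml::encode()` and the consumer (`js/classes/class-contents/_initialization.js` in this same commit) runs `decodeHtml()` on the response before `.html()`, so the browser parses exactly the markup it parsed before this change. The injection risk actually visible in this hunk is the query text: `$crid` and the logged-in user id are concatenated into the SQL of both `createCommand(...)` calls and should be bound instead, e.g. `... and t.classroom_id_fk = :crid order by d.name")->bindValue(':crid', (int) $crid)->queryAll()`. The placeholder option in the `else` branch is left unwrapped, so the two branches now emit differently encoded output. `actionGetDisciplines()` begins and ends outside the hunk.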
14 changes: 7 additions & 7 deletions app/modules/calendar/resources/common/js/calendar.js
Expand Up @@ -27,7 +27,7 @@ $(document).on("click", ".create-calendar", function () {
}).success(function (data) {
data = JSON.parse(data);
if (!data.valid) {
form.find(".alert").html(data.error).show();
form.find(".alert").html(DOMPurify.sanitize(data.error)).show();
$("#myNewCalendar .centered-loading-gif").hide();
$("#myNewCalendar .modal-body").css("opacity", 1).css("pointer-events", "auto");
$("#myNewCalendar button").removeAttr("disabled");
Expand Down Expand Up @@ -68,7 +68,7 @@ $(document).on("click", ".edit-calendar-title-button", function () {
$(".calendar-container[data-id=" + $("#edit-calendar-title-modal").find("#Calendar_id").val() + "]").closest(".accordion-group").find(".accordion-title").text($("#edit-calendar-title-modal").find("#Calendar_title").val());
$("#edit-calendar-title-modal").modal("hide");
} else {
$("#edit-calendar-title-modal").find(".alert").html(data.error).show();
$("#edit-calendar-title-modal").find(".alert").html(DOMPurify.sanitize(data.error)).show();
}
}).complete(function () {
$("#edit-calendar-title-modal").find(".modal-body").css("opacity", 1).css("pointer-events", "auto");
Expand Down Expand Up @@ -106,7 +106,7 @@ $(document).on("click", ".remove-calendar-button", function () {
: $(".no-calendars-alert").show();
$("#removeCalendar").modal("hide");
} else {
$("#removeCalendar").find(".alert").html(data.error).show();
$("#removeCalendar").find(".alert").html(DOMPurify.sanitize(data.error)).show();
}
}).complete(function () {
$("#removeCalendar .centered-loading-gif").hide();
Expand Down Expand Up @@ -137,7 +137,7 @@ $(document).on("click", ".remove-event-button", function () {
eventDays.find(".calendar-icon").remove();
$("#myChangeEvent").modal("hide");
} else {
$("#myChangeEvent").find(".alert").html(data.error).show();
$("#myChangeEvent").find(".alert").html(DOMPurify.sanitize(data.error)).show();
}
}).complete(function () {
$("#myChangeEvent .centered-loading-gif").hide();
Expand Down Expand Up @@ -238,12 +238,12 @@ $(document).on("click", ".save-event", function (e) {
date.attr("data-id", data.eventId).attr("data-toggle", "tooltip").attr("data-placement", "top").attr("data-original-title", data.eventName);
date.parent().addClass("calendar-" + data.color);
date.children(".calendar-icon").remove();
date.prepend("<i class='calendar-icon fa " + data.icon + "'></i>");
date.prepend("<i class='calendar-icon fa " + DOMPurify.sanitize(data.icon) + "'></i>");
$("#myChangeEvent").modal("hide");
});
$('[data-toggle="tooltip"]').tooltip({container: "body"});
} else {
form.find(".alert").html(data.error).show();
form.find(".alert").html(DOMPurify.sanitize(data.error)).show();
}
}).complete(function () {
$("#myChangeEvent .centered-loading-gif").hide();
Expand Down Expand Up @@ -320,7 +320,7 @@ $(document).on("click", ".change-calendar-status-button", function () {
$(icon).tooltip({container: "body"});
$("#changeCalendarStatus").modal("hide");
} else {
$("#changeCalendarStatus").find(".alert").html(data.error).show();
$("#changeCalendarStatus").find(".alert").html(DOMPurify.sanitize(data.error)).show();
}
}).complete(function () {
$("#changeCalendarStatus .centered-loading-gif").hide();
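Review bot: `DOMPurify.sanitize(data.icon)` on the `date.prepend(...)` line in the `.save-event` handler does not protect the context it is inserted into: DOMPurify sanitizes an HTML fragment, and a single quote in the value survives serialization, so the value can still terminate the `class='...'` attribute before jQuery parses the concatenated string. Build the element without string concatenation instead, `date.prepend($("<i>", { "class": "calendar-icon fa " + data.icon }));`, which sets the class through the DOM and never parses `data.icon` as markup. For the `.html(DOMPurify.sanitize(data.error))` lines in the other hunks, `.text(data.error)` gives the same protection with no library dependency if the error messages are plain text; if they intentionally carry markup the sanitize call is appropriate, but the commit does not show DOMPurify being loaded on these pages, so confirm the script is included. Each handler's body extends beyond its hunk.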
31 changes: 20 additions & 11 deletions app/modules/quiz/resources/common/js/quiz.js
@@ -1,4 +1,4 @@
$('#save_button').click(function() {
$('#save_button').click(function() {
$('#quiz-form').submit();
});

Expand All @@ -9,10 +9,10 @@ $('#delete_button').click(function() {
var action = 'index.php?' + (url.indexOf("update") == -1 ? url.replace('create','delete') : url.replace('update','delete'));
$('#quiz-form').attr('action', action);
$('#quiz-form').submit();
}
}
});

$('#save_group_button').click(function() {
$('#save_group_button').click(function() {
$('#group-form').submit();
});

Expand All @@ -23,10 +23,10 @@ $('#delete_group_button').click(function() {
var action = 'index.php?' + (url.indexOf("update") == -1 ? url.replace('create','delete') : url.replace('update','delete'));
$('#group-form').attr('action', action);
$('#group-form').submit();
}
}
});

$('#save_question_group_button').click(function() {
$('#save_question_group_button').click(function() {
$('#questiongroup-form').submit();
});

Expand All @@ -37,11 +37,11 @@ $('#delete_question_group_button').click(function() {
var action = 'index.php?' + (url.indexOf("update") == -1 ? url.replace('create','delete') : url.replace('update','delete'));
$('#questiongroup-form').attr('action', action);
$('#questiongroup-form').submit();
}
}
});


$('#save_question_button').click(function() {
$('#save_question_button').click(function() {
$('#question-form').submit();
});

Expand All @@ -52,10 +52,10 @@ $('#delete_question_button').click(function() {
var action = 'index.php?' + (url.indexOf("update") == -1 ? url.replace('create','delete') : url.replace('update','delete'));
$('#question-form').attr('action', action);
$('#question-form').submit();
}
}
});

$('#save_answer_button').click(function() {
$('#save_answer_button').click(function() {
$('#answer-form').submit();
});

Expand All @@ -80,6 +80,9 @@ var Option = function(){
contentType: "application/json; charset=utf-8"
})
.done(function(data){
data = JSON.stringify(data);
data = DOMPurify.sanitize(data);
data = JSON.parse(data);
if(typeof data.errorCode != 'undefined' && data.errorCode == '0'){
var element = $('<tr></tr>')
.attr({'option-id': data.id, 'option-description': data.description, 'option-answer': data.answer, 'option-complement': data.complement})
Expand Down Expand Up @@ -109,6 +112,9 @@ var Option = function(){
contentType: "application/json; charset=utf-8"
})
.done(function(data){
data = JSON.stringify(data);
data = DOMPurify.sanitize(data);
data = JSON.parse(data);
if(typeof data.errorCode != 'undefined' && data.errorCode == '0'){
var elementActive = container.find('tr[option-id="'+data.id+'"]');
var element = $('<tr></tr>')
Expand Down Expand Up @@ -235,12 +241,12 @@ var Option = function(){
else if(type == 'radio'){
var partialUid = uid.substring(0,(uid.length -1));
var elementChecked = $('input[id^="'+partialUid+'"]:checked');

if(isChecked){
$('div[id^="'+partialUid+'"]').each(function(){
$(this).hide();
});

$('input[id^="'+partialUid+'"]').each(function(){
if($(this).attr('type') == 'text')
$(this).prop('disabled',true);
Expand Down Expand Up @@ -286,6 +292,9 @@ var QuizQuestion = function(){
contentType: "application/json; charset=utf-8"
})
.done(function(data){
data = JSON.stringify(data);
data = DOMPurify.sanitize(data);
data = JSON.parse(data);
if(typeof data.errorCode != 'undefined' && data.errorCode == '0'){
var element = $('<tr></tr>')
.attr({'key': data.quizId + '' + data.questionId, 'quiz-id': data.quizId, 'question-id': data.questionId, 'question-description': data.description})
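Review bot: The three added `JSON.stringify` → `DOMPurify.sanitize` → `JSON.parse` sequences (in the `.done` callbacks of `Option` and `QuizQuestion`) run an HTML sanitizer over JSON text, which is the wrong layer: DOMPurify parses its input as markup, so a field containing `<`, `>` or `&` can be rewritten (`&` becomes `&amp;`, an unbalanced `<` is read as a tag) and the result may no longer be valid JSON, making `JSON.parse` throw inside the success path. The values are consumed on the following lines through `.attr({...})`, which does not interpret HTML, so the round-trip adds no protection there; any field that is later inserted with `.html()` or string-built markup should be escaped or sanitized at that sink, e.g. `.text(data.description)` at the point of insertion. I would drop the three added lines in each of the three hunks. The remaining changes in this file appear to be whitespace only, and each `.done` callback continues beyond its hunk.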
46 changes: 23 additions & 23 deletions app/modules/timesheet/resources/common/js/timesheet.js
Expand Up @@ -439,29 +439,29 @@ $(document).on("click", ".workloads-activator", function () {
}
});

$(document).on("click", ".schedule-selected .instructor-name", function () {
var instructorId = $(this).attr("instructor_id");
var disciplineId = $(this)
.parent()
.find(".discipline-name")
.attr("discipline_id");
var scheduleId = $(this)
.parent()
.attr("schedule");

$.ajax({
url: getInstructorsUrl,
type: "POST",
data: {
discipline: disciplineId
}
}).success(function (result) {
$("#change-instructor-schedule").val(scheduleId);
$("#change-instructor-id").html(result);
$("#change-instructor-id").val(instructorId).select2();
$("#change-instructor-modal").modal();
});
});
// $(document).on("click", ".schedule-selected .instructor-name", function () {
// var instructorId = $(this).attr("instructor_id");
// var disciplineId = $(this)
// .parent()
// .find(".discipline-name")
// .attr("discipline_id");
// var scheduleId = $(this)
// .parent()
// .attr("schedule");
//
// $.ajax({
// url: getInstructorsUrl,
// type: "POST",
// data: {
// discipline: disciplineId
// }
// }).success(function (result) {
// $("#change-instructor-schedule").val(scheduleId);
// $("#change-instructor-id").html(result);
// $("#change-instructor-id").val(instructorId).select2();
// $("#change-instructor-modal").modal();
// });
// });
$(document).on("click", "#change-instructor-button", function () {
$.ajax({
url: changeInstructorUrl,
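Review bot: The `.schedule-selected .instructor-name` handler is commented out rather than removed; commented-out code tends to be reactivated without review and the version history already preserves it, so delete the block instead. If the feature is meant to return, the line to fix is `$("#change-instructor-id").html(result)`, which inserts server-generated markup directly; returning the instructor list as JSON and building the entries with `$("<option>").val(id).text(name)` keeps the behaviour without parsing HTML from the response. The `#change-instructor-button` handler that follows remains and presumably depends on the `#change-instructor-schedule` and `#change-instructor-id` values this handler populated, so confirm another code path now fills them or remove it as well.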
2 changes: 1 addition & 1 deletion js/classes/class-contents/_initialization.js
Expand Up @@ -76,7 +76,7 @@ $("#classroom").on("change", function () {
if (response == "") {
$("#disciplines").html("<option value='-1'></option>").trigger("change.select2").show();
} else {
$("#disciplines").html(response).trigger("change.select2").show();
$("#disciplines").html(decodeHtml(response)).trigger("change.select2").show();
}
$(".disciplines-container").show();
},
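Review bot: `decodeHtml(response)` on the changed line undoes the `htmlspecialchars()` added server-side in `app/controllers/ClassesController.php`, so `.html()` receives the same markup as before this commit and the XSS exposure is unchanged; the same applies to the identical change in `js/classes/frequency/_initialization.js`. `decodeHtml` is not defined in this hunk — if it is implemented by assigning the string to an element's `innerHTML`, it is itself a sink, so check its implementation. Keeping the server response as already-encoded `<option>` markup and calling `.html(response)` directly, or returning JSON and building the options with `$("<option>").val(...).text(...)`, avoids the encode/decode round-trip. The `change` handler starts outside the hunk.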
2 changes: 1 addition & 1 deletion js/classes/frequency/_initialization.js
Expand Up @@ -89,7 +89,7 @@ $("#classroom").on("change", function () {
if (response === "") {
$("#disciplines").html("<option value='-1'></option>").trigger("change.select2").show();
} else {
$("#disciplines").html(response).trigger("change.select2").show();
$("#disciplines").html(decodeHtml(response)).trigger("change.select2").show();
}
$(".disciplines-container").show();
},

