BUG / SECURITY: module_system | class_link -> fixed some rare conditions where an XSS injection was possible via the systemid param
sidler committed Jun 8, 2014
1 parent 4a07f94 commit 8f1b181
Showing 1 changed file with 11 additions and 5 deletions.
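--- a/module_system/system/class_link.php
+++ b/module_system/system/class_link.php
@@ -347,10 +347,12 @@ public static function getLinkPortalHref($strPageI, $strPageE = "", $strAction =
 
 
 //create an array out of the params
-$strParsedSystemid = "";
-$arrParams = self::parseParamsString($strParams, $strParsedSystemid);
-if($strSystemid == "" && validateSystemid($strParsedSystemid))
-$strSystemid = $strParsedSystemid;
+if($strSystemid != "") {
+$strParams .= "&systemid=".$strSystemid;
+$strSystemid = "";
+}
+
+$arrParams = self::parseParamsString($strParams, $strSystemid);
 
 // any anchors set to the page?
 $strAnchor = "";
@@ -496,7 +498,11 @@ private static function parseParamsString($strParams, &$strSystemid = "") {
 $arrEntry = explode("=", $strValue);
 
 if(count($arrEntry) == 2 && $arrEntry[0] == "systemid") {
-$strSystemid = $arrEntry[1];
+//encoded and sanitized systemid param TODO: add cve number or other identifier
+$strSystemid = urlencode($arrEntry[1]);
+if(!validateSystemid($strSystemid))
+$strSystemid = "";
+
 unset($arrParams[$strKey]);
 }
 else if($strValue == "")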
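Review bot: In the first hunk the caller-supplied `$strSystemid` is appended to `$strParams` unvalidated (`$strParams .= "&systemid=".$strSystemid;`) and is only checked indirectly because `parseParamsString` re-extracts it; per the second hunk that extraction requires `count($arrEntry) == 2`, so a value containing `=` (or, presumably, whatever separator the params string is split on, which is not visible here) would not be recognised as the systemid and would stay in `$arrParams` without ever reaching `validateSystemid`. Gating the append directly closes that gap and mirrors the drop-on-failure behaviour of the second hunk: `if($strSystemid != "" && validateSystemid($strSystemid)) {` / `$strParams .= "&systemid=".$strSystemid;` / `}` followed by the existing `$strSystemid = "";`. In the second hunk `urlencode` runs before `validateSystemid`; if that helper restricts systemids to alphanumerics (its body is not shown) the encode step is redundant and the validation is the actual control, so the comment `//encoded and sanitized systemid param TODO: add cve number or other identifier` should state the enforced invariant rather than leave a TODO in a shipped security fix, e.g. `// a systemid taken from the params string must pass validateSystemid(); anything else is dropped`. Both hunks are excerpts of functions whose bodies continue outside the diff.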
