Skip to content

Commit 8f1b181

Browse files
committed
BUG / SECURITY: module_system | class_link -> fixed some rare conditions where a possible xss injection was possible for the systemid-param
1 parent 4a07f94 commit 8f1b181

File tree

1 file changed

+11
-5
lines changed

1 file changed

+11
-5
lines changed

Diff for: module_system/system/class_link.php

+11-5
Original file line numberDiff line numberDiff line change
@@ -347,10 +347,12 @@ public static function getLinkPortalHref($strPageI, $strPageE = "", $strAction =
347347

348348

349349
//create an array out of the params
350-
$strParsedSystemid = "";
351-
$arrParams = self::parseParamsString($strParams, $strParsedSystemid);
352-
if($strSystemid == "" && validateSystemid($strParsedSystemid))
353-
$strSystemid = $strParsedSystemid;
350+
if($strSystemid != "") {
351+
$strParams .= "&systemid=".$strSystemid;
352+
$strSystemid = "";
353+
}
354+
355+
$arrParams = self::parseParamsString($strParams, $strSystemid);
354356

355357
// any anchors set to the page?
356358
$strAnchor = "";
@@ -496,7 +498,11 @@ private static function parseParamsString($strParams, &$strSystemid = "") {
496498
$arrEntry = explode("=", $strValue);
497499

498500
if(count($arrEntry) == 2 && $arrEntry[0] == "systemid") {
499-
$strSystemid = $arrEntry[1];
501+
//encoded and sanitized systemid param TODO: add cve number or other identifier
502+
$strSystemid = urlencode($arrEntry[1]);
503+
if(!validateSystemid($strSystemid))
504+
$strSystemid = "";
505+
500506
unset($arrParams[$strKey]);
501507
}
502508
else if($strValue == "")

0 commit comments

Comments
 (0)