
Prevent XSS on actionVar in header.tpl

The Smarty template was reflecting the $_GET['a'] parameter without applying htmlspecialchars (it was only using strip_tags)
1 parent 6b75a4d commit 77463eb6a8090f474b04fdc1b72225cb93c558ea @opengeek opengeek committed Nov 23, 2013
Showing with 6 additions and 3 deletions.
  1. +1 −0 core/docs/changelog.txt
  2. +3 −1 core/model/modx/modmanagerrequest.class.php
  3. +2 −2 manager/templates/default/header.tpl
@@ -2,6 +2,7 @@
This file shows the changes in recent releases of MODX. The most current release is usually the
development release, and is only shown to give an idea of what's currently in the pipeline.
+- Prevent XSS on actionVar in header.tpl
- Fix caching of manager menus
MODX Revolution 2.2.10-pl (October 7, 2013)
@@ -53,6 +53,8 @@ function __construct(modX & $modx) {
* @return boolean True if successful.
*/
public function initialize() {
+ $this->sanitizeRequest();
+
if (!defined('MODX_INCLUDES_PATH')) {
define('MODX_INCLUDES_PATH',$this->modx->getOption('manager_path').'includes/');
}
@@ -117,7 +119,7 @@ public function handleRequest() {
$this->modx->invokeEvent('OnHandleRequest');
/* save page to manager object. allow custom actionVar choice for extending classes. */
- $this->action = isset($_REQUEST[$this->actionVar]) ? $_REQUEST[$this->actionVar] : $this->defaultAction;
+ $this->action = isset($_REQUEST[$this->actionVar]) ? (integer)$_REQUEST[$this->actionVar] : $this->defaultAction;
/* invoke OnManagerPageInit event */
$this->modx->invokeEvent('OnManagerPageInit',array('action' => $this->action));
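Review bot: The `(integer)` cast on the new line turns any non-numeric or malformed action value into 0 instead of falling back to `$this->defaultAction`, so a request carrying a non-numeric action now resolves to action 0 rather than the default, and the comment just above says extending classes may choose their own actionVar, which suggests non-integer actions were tolerated before. Validating instead of casting keeps the default path: `$action = isset($_REQUEST[$this->actionVar]) ? filter_var($_REQUEST[$this->actionVar], FILTER_VALIDATE_INT) : false;` followed by `$this->action = ($action === false) ? $this->defaultAction : $action;`. The cast runs after `OnHandleRequest` fires and does not change what `$smarty.get.a` sees in header.tpl, so the template-side escaping remains the control for the reflected value. The `sanitizeRequest()` call added to initialize() is not defined in this diff and presumably comes from the parent class; worth confirming. handleRequest's body continues outside the hunk.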
@@ -24,8 +24,8 @@
<script src="{$_config.manager_url}assets/ext3/ext-all.js" type="text/javascript"></script>
{/if}
<script src="{$_config.manager_url}assets/modext/core/modx.js" type="text/javascript"></script>
-<script src="{$_config.connectors_url}lang.js.php?ctx=mgr&topic=topmenu,file,resource,{$_lang_topics}&action={$smarty.get.a|strip_tags}" type="text/javascript"></script>
-<script src="{$_config.connectors_url}layout/modx.config.js.php?action={$smarty.get.a|strip_tags}{if $_ctx}&wctx={$_ctx}{/if}" type="text/javascript"></script>
+<script src="{$_config.connectors_url}lang.js.php?ctx=mgr&topic=topmenu,file,resource,{$_lang_topics}&action={$smarty.get.a|htmlspecialchars}" type="text/javascript"></script>
+<script src="{$_config.connectors_url}layout/modx.config.js.php?action={$smarty.get.a|htmlspecialchars}{if $_ctx}&wctx={$_ctx}{/if}" type="text/javascript"></script>
{if $_config.compress_js && $_config.compress_js_groups}
<script src="{$_config.manager_url}min/index.php?g=coreJs1" type="text/javascript"></script>
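Review bot: `htmlspecialchars` makes the two new `action=` values safe for the double-quoted `src` attribute, but the value is also a URL query parameter, and `|escape:'url'` is the context-correct modifier here: it percent-encodes `&`, `#`, `=` and every HTML metacharacter, so the output is both URL- and attribute-safe and a numeric action id survives unchanged. Suggested change on both script tags: `&action={$smarty.get.a|escape:'url'}`. The neighbouring `{$_lang_topics}` and `{$_ctx}` values are still inserted without any modifier; their origin is not visible in this diff, so if either can be influenced by the request they need the same treatment.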
