Prevent XSS on actionVar in header.tpl
The Smarty template was reflecting the $_GET['a'] parameter without passing it through htmlspecialchars (it was only using strip_tags)
opengeek committed Nov 23, 2013
1 parent 6b75a4d commit 77463eb
Showing 3 changed files with 6 additions and 3 deletions.
1 change: 1 addition & 0 deletions core/docs/changelog.txt
Expand Up @@ -2,6 +2,7 @@
This file shows the changes in recent releases of MODX. The most current release is usually the
development release, and is only shown to give an idea of what's currently in the pipeline.

- Prevent XSS on actionVar in header.tpl
- Fix caching of manager menus

MODX Revolution 2.2.10-pl (October 7, 2013)
4 changes: 3 additions & 1 deletion core/model/modx/modmanagerrequest.class.php
Expand Up @@ -53,6 +53,8 @@ function __construct(modX & $modx) {
* @return boolean True if successful.
*/
public function initialize() {
$this->sanitizeRequest();

if (!defined('MODX_INCLUDES_PATH')) {
define('MODX_INCLUDES_PATH',$this->modx->getOption('manager_path').'includes/');
}
Expand Down Expand Up @@ -117,7 +119,7 @@ public function handleRequest() {
$this->modx->invokeEvent('OnHandleRequest');

/* save page to manager object. allow custom actionVar choice for extending classes. */
$this->action = isset($_REQUEST[$this->actionVar]) ? $_REQUEST[$this->actionVar] : $this->defaultAction;
$this->action = isset($_REQUEST[$this->actionVar]) ? (integer)$_REQUEST[$this->actionVar] : $this->defaultAction;

/* invoke OnManagerPageInit event */
$this->modx->invokeEvent('OnManagerPageInit',array('action' => $this->action));
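Review bot: The `(integer)` cast on the new assignment in handleRequest turns any non-numeric `a` value (including an array, which casts to 1 without a warning on PHP 5) into 0 or a truncated leading number instead of falling back to `$this->defaultAction`, so malformed input silently selects a different action rather than the default; whether action id 0 is meaningful I cannot tell from this hunk. A numeric check keeps the fallback: `$this->action = isset($_REQUEST[$this->actionVar]) && is_numeric($_REQUEST[$this->actionVar]) ? (int)$_REQUEST[$this->actionVar] : $this->defaultAction;` — `(int)` is also the conventional spelling of the cast. The `$this->sanitizeRequest()` call added to initialize() refers to a method whose definition is outside this diff, so what it strips or normalises cannot be reviewed here; a one-line comment above the call stating its intent (e.g. `/* strip unexpected keys from the request superglobals before any handler reads them */`, adjusted to what it actually does) would help readers. handleRequest's body starts before the hunk and initialize() continues past it.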
4 changes: 2 additions & 2 deletions manager/templates/default/header.tpl
Expand Up @@ -24,8 +24,8 @@
<script src="{$_config.manager_url}assets/ext3/ext-all.js" type="text/javascript"></script>
{/if}
<script src="{$_config.manager_url}assets/modext/core/modx.js" type="text/javascript"></script>
<script src="{$_config.connectors_url}lang.js.php?ctx=mgr&topic=topmenu,file,resource,{$_lang_topics}&action={$smarty.get.a|strip_tags}" type="text/javascript"></script>
<script src="{$_config.connectors_url}layout/modx.config.js.php?action={$smarty.get.a|strip_tags}{if $_ctx}&wctx={$_ctx}{/if}" type="text/javascript"></script>
<script src="{$_config.connectors_url}lang.js.php?ctx=mgr&topic=topmenu,file,resource,{$_lang_topics}&action={$smarty.get.a|htmlspecialchars}" type="text/javascript"></script>
<script src="{$_config.connectors_url}layout/modx.config.js.php?action={$smarty.get.a|htmlspecialchars}{if $_ctx}&wctx={$_ctx}{/if}" type="text/javascript"></script>

{if $_config.compress_js && $_config.compress_js_groups}
<script src="{$_config.manager_url}min/index.php?g=coreJs1" type="text/javascript"></script>
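Review bot: `htmlspecialchars` escapes for the HTML attribute context, but on both new `<script src>` lines the value sits inside a URL query string, so characters such as `&`, `#`, `+` and `%` still reach the connector URL unencoded and can split or mangle the `action` parameter; Smarty's `escape:'url'` modifier encodes for that context (`action={$smarty.get.a|escape:'url'}`), and output inside a double-quoted attribute then needs no further HTML escaping since rawurlencode leaves no `"`, `<` or `&`. Since handleRequest now casts the action to an integer, it may be preferable to expose that validated value to the template rather than re-reading the raw `$smarty.get.a` here, though whether the cast value is assigned before this template renders is not visible in this diff. `{$_ctx}` on the second line is interpolated with no escaping at all; if it can carry request-supplied data it needs the same treatment, which I cannot confirm from here.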

