3.0.9
Fix xss vulnerabilities in several text inputs
nilsteampassnet committed Jun 10, 2023
1 parent 774985f commit 241dbd4
Showing 14 changed files with 273 additions and 157 deletions.
149 changes: 123 additions & 26 deletions includes/js/functions.js
Expand Up @@ -390,34 +390,14 @@ if (typeof String.prototype.utf8Decode == 'undefined') {
};
}

function fieldSanitizeStep1(
field,
bHtml=true,
bSvg=true,
bSvgFilters=true,
text=''
function simplePurifier(
text,
bHtml = false,
bSvg = false,
bSvgFilters = false
)
{
if (field === undefined ||field === '') {
return false;
}
let string = '';
text = (text === '') ? $(field).val() : text;
/*
// Sanitize string
var tagsToReplace = {
'&': '&',
'<': '&lt;',
'>': '&gt;',
"'" : '&#39;',
'"' : '&quot;'
};
text = text.replace(/[&<>'"]/g, function(tag) {
return tagsToReplace[tag] || tag;
});
*/
// Purify string
string = DOMPurify.sanitize(
return DOMPurify.sanitize(
text
.replaceAll('&lt;', '<')
.replaceAll('&gt;', '>')
Expand All @@ -426,12 +406,129 @@ function fieldSanitizeStep1(
.replaceAll('&#39;', "'"),
{USE_PROFILES: {html:bHtml, svg:bSvg, svgFilters: bSvgFilters}}
);
}

/**
* Permits to purify the content of a string using domPurify
* @param {*} field
* @param {*} bHtml
* @param {*} bSvg
* @param {*} bSvgFilters
* @param {*} text
* @returns bool||string
*/
function fieldDomPurifier(
field,
bHtml = false,
bSvg = false,
bSvgFilters = false,
text = ''
)
{
if (field === undefined ||field === '') {
return false;
}
let string = '';
text = (text === '') ? $(field).val() : text;

// Purify string
string = simplePurifier(text, bHtml, bSvg, bSvgFilters);

// Clear field if string is empty and warn user
if (string === '' && text !== '') {
$(field).val('');
return false;
}

return string;
}

/**
* Permits to get all fields of a class and purify them
* @param {*} elementClass
* @returns array
*/
function fieldDomPurifierLoop(elementClass)
{
let purifyStop = false,
arrFields = [];
$.each($(elementClass), function(index, element) {
purifiedField = fieldDomPurifier(
'#' + $(element).attr('id'),
$(element).hasClass('purifyHtml') === true ? true : false,
$(element).hasClass('purifySvg') === true ? true : false,
$(element).hasClass('purifySvgFilter') === true ? true : false,
typeof $(element).data('purify-text') !== undefined ? $(element).data('purify-text') : ''
);

if (purifiedField === false) {
// Label is empty
toastr.remove();
toastr.warning(
'XSS attempt detected. Please remove all special characters from your input.',
'Error', {
timeOut: 5000,
progressBar: true
}
);
$('#' + $(element).attr('id')).focus();
purifyStop = true;
return {
'purifyStop' : purifyStop,
'arrFields' : arrFields
};
} else {
$(element).val(purifiedField);
arrFields[$(element).data('field')] = purifiedField;
}
});

// return
return {
'purifyStop' : purifyStop,
'arrFields' : arrFields
};
}

/**
* Permits to purify the content of a string using domPurify
* @param {*} field
* @param {*} bHtml
* @param {*} bSvg
* @param {*} bSvgFilters
* @returns bool||string
*/
function fieldDomPurifierWithWarning(
field,
bHtml = false,
bSvg = false,
bSvgFilters = false,
)
{
if (field === undefined || field === '') {
return false;
}
if ($(field).val() === '') {
return '';
}
let string = '';

// Purify string
string = simplePurifier($(field).val(), bHtml, bSvg, bSvgFilters);

// Clear field if string is empty and warn user
if (string === '') {
toastr.remove();
toastr.warning(
'XSS attempt detected. Please remove all special characters from your input.',
'Error', {
timeOut: 5000,
progressBar: true
}
);
$(field).focus();
return false;
}

return string;
}
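Review bot: In `fieldDomPurifierLoop`, `purifiedField` is assigned without a declaration, so it becomes an implicit global (a ReferenceError under strict mode), and the `return {…}` inside the `$.each` callback after an XSS detection does not stop the iteration, because only `return false` breaks `$.each`, so the remaining fields are still purified and re-focused after the warning. Change the assignment to `let purifiedField = fieldDomPurifier(` and the in-callback return to `return false;` (the final `return` already carries `purifyStop`); the test `typeof $(element).data('purify-text') !== undefined` is always true because `typeof` yields a string, and should read `!== 'undefined'` — it only works today because the `text = ''` default of `fieldDomPurifier` absorbs the `undefined`. `arrFields` is used as a string-keyed map (`arrFields[$(element).data('field')]`), so `{}` is the right initial value rather than `[]`. `simplePurifier` would also be safer coercing its input first, e.g. `String(text ?? '')`, since `$(…).val()` returns `undefined` for a missing element and `.replaceAll` then throws.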
7 changes: 7 additions & 0 deletions pages/admin.js.php
Expand Up @@ -134,6 +134,13 @@ function(data) {
return false;
}

// Sanitize value
value = fieldDomPurifierWithWarning('#' + field);
if (value === false) {
return false;
}
$('#' + field).val(value);

requestRunning = true;

var data = {
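Review bot: `value` is assigned in the new lines (`value = fieldDomPurifierWithWarning('#' + field);`) without a visible `let`/`var`; the enclosing handler starts and ends outside the hunk, so if `value` is not declared above it becomes an implicit global — `const value = fieldDomPurifierWithWarning('#' + field);` if it is new here. The purification runs only in the browser, so a request sent directly to the endpoint this handler posts to (outside the hunk) skips it; the server side still needs to validate and encode `field`/`value` on output, and that side is not in this diff. A comment such as `// Client-side check only; the server must also validate/encode this value` above the block would keep the next maintainer from reading this as the complete fix.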
24 changes: 19 additions & 5 deletions pages/api.js.php
Expand Up @@ -65,10 +65,17 @@
if ($('#new_api_key_label') === '') {
return false;
}

// Sanitize text fields
purifyRes = fieldDomPurifierLoop('#new_api_key_label');
if (purifyRes.purifyStop === true) {
// if purify failed, stop
return false;
}

// Prepare data
var data = {
'label': $('#new_api_key_label').val(),
'label': purifyRes.arrFields['label'], //$('#new_api_key_label').val(),
'action': 'add',
}

Expand Down Expand Up @@ -196,7 +203,7 @@ function(data) {

$(document).on('click', '#new-api-key-save', function() {
var keyId = $(this).closest('tr').data('id'),
label = $(this).prev('input').val(),
label = simplePurifier($(this).prev('input').val()),
cell = $(this).closest('td');

// Prepare data
Expand All @@ -205,7 +212,7 @@ function(data) {
'label': label,
'action': 'update',
}

// Launch action
$.post(
'sources/admin.queries.php', {
Expand Down Expand Up @@ -258,9 +265,16 @@ function(data) {
return false;
}

// Sanitize text fields
purifyRes = fieldDomPurifierLoop('#new-api-ip .purify');
if (purifyRes.purifyStop === true) {
// if purify failed, stop
return false;
}

// Prepare data
var data = {
'label': $('#new_api_ip_label').val(),
'label': purifyRes.arrFields['label'],
'ip': $('#new_api_ip_value').val(),
'action': 'add',
}
Expand Down Expand Up @@ -398,7 +412,7 @@ function(data) {
// Prepare data
var data = {
'id': ipId,
'value': label,
'value': simplePurifier(label),
'field': field,
'action': 'update',
}
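Review bot: `purifyRes` is assigned without a declaration in the first and third hunks (`purifyRes = fieldDomPurifierLoop(…)`), creating an implicit global shared between the two click handlers; declare it locally with `const purifyRes = fieldDomPurifierLoop('#new_api_key_label');` and likewise for `'#new-api-ip .purify'`. The guard just above the new code in the first hunk, `if ($('#new_api_key_label') === '')`, compares a jQuery object to a string and is never true; the commit leaves it as is, and `if ($('#new_api_key_label').val() === '')` is presumably what was meant. In the third hunk `'ip': $('#new_api_ip_value').val()` is still sent as typed, which is acceptable only if the server validates it as an IP address before storing or rendering it. The enclosing click handlers start and end outside the hunks.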
8 changes: 4 additions & 4 deletions pages/api.php
Expand Up @@ -161,7 +161,7 @@
<span class="text-bold"><?php echo langHdl('adding_new_api_key'); ?></span>

<div class="row mt-1 ml-1">
<input type="text" placeholder="<?php echo langHdl('label'); ?>" class="col-4 form-control form-control-sm" id="new_api_key_label">
<input type="text" placeholder="<?php echo langHdl('label'); ?>" class="col-4 form-control form-control-sm purify" id="new_api_key_label" data-field="label">
<span class="fa-stack ml-2 infotip pointer" title="<?php echo langHdl('adding_new_api_key'); ?>" id="button-new-api-key">
<i class="fas fa-square fa-stack-2x"></i>
<i class="fas fa-plus fa-stack-1x fa-inverse"></i>
Expand Down Expand Up @@ -211,13 +211,13 @@
</div>
</div>

<div class="form-group mt-4">
<div class="form-group mt-4" id="new-api-ip">
<div class="callout callout-info">
<span class="text-bold"><?php echo langHdl('adding_new_api_ip'); ?></span>

<div class="row mt-1 ml-1">
<input type="text" placeholder="<?php echo langHdl('ip'); ?>" class="col-4 form-control" id="new_api_ip_value" data-inputmask="'alias': 'ip'" data-mask>
<input type="text" placeholder="<?php echo langHdl('label'); ?>" class="col-4 form-control ml-2" id="new_api_ip_label">
<input type="text" placeholder="<?php echo langHdl('ip'); ?>" class="col-4 form-control" id="new_api_ip_value" data-inputmask="'alias': 'ip'">
<input type="text" placeholder="<?php echo langHdl('label'); ?>" class="col-4 form-control ml-2 purify" id="new_api_ip_label" data-field="label">
<span class="fa-stack ml-2 infotip pointer" title="<?php echo langHdl('settings_api_add_ip'); ?>" id="button-new-api-ip">
<i class="fas fa-square fa-stack-2x"></i>
<i class="fas fa-plus fa-stack-1x fa-inverse"></i>
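Review bot: The `data-mask` attribute is dropped from `#new_api_ip_value` in the second hunk while `data-inputmask` is kept; if the page initialises Inputmask by selecting on `[data-mask]` (the initialiser is not visible here), the IP mask no longer binds to this field, so the removal deserves either a comment explaining it or a check that the mask still applies. The `purify` class and `data-field="label"` added to the two label inputs form a contract with `fieldDomPurifierLoop` in `includes/js/functions.js`, which uses `data-field` as the key of the returned `arrFields`; a short comment on the input, e.g. `<!-- .purify + data-field: consumed by fieldDomPurifierLoop in api.js.php -->`, would make that dependency visible in the markup.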
6 changes: 3 additions & 3 deletions pages/backups.js.php
Expand Up @@ -96,7 +96,7 @@ function(data) {

// Prepare data
var data = {
'encryptionKey': $('#onthefly-backup-key').val(),
'encryptionKey': simplePurifier($('#onthefly-backup-key').val()),
};

//send query
Expand Down Expand Up @@ -125,7 +125,7 @@ function(data) {
// Store KEY in DB
var newData = {
"field": 'bck_script_passkey',
"value": $('#onthefly-backup-key').val(),
"value": simplePurifier($('#onthefly-backup-key').val()),
}

$.post(
Expand Down Expand Up @@ -193,7 +193,7 @@ function(data) {

// Prepare data
var data = {
'encryptionKey': $('#onthefly-restore-key').val(),
'encryptionKey': simplePurifier($('#onthefly-restore-key').val()),
'backupFile': $('#onthefly-restore-file').data('operation-id')
};
console.log(data);
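Review bot: `console.log(data);` immediately after the `data` object of the third hunk writes the restore encryption key to the browser console; it is a context line the commit leaves in place, and it should be removed. Passing `$('#onthefly-backup-key').val()` through `simplePurifier` can also alter a key that contains markup characters such as `<`, `>` or `&` before it is used for the backup or stored as `bck_script_passkey`, so the user ends up with a different key than they typed without any warning; a passphrase is not rendered as HTML, so the safer option is to keep it as typed and escape it wherever it is displayed, or at least route it through `fieldDomPurifierWithWarning` so a change is reported. The enclosing handlers start and end outside the hunks.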
47 changes: 0 additions & 47 deletions pages/emails.js.php
Expand Up @@ -145,52 +145,5 @@ function(data) {
);
}


$(document).on('click', '#button-duo-save', function() {
// Prepare data
var data = {
'akey': $('#duo_akey').val(),
'ikey': $('#duo_ikey').val(),
'skey': $('#duo_skey').val(),
'host': $('#duo_host').val(),
}
console.log(data);

// Launch action
$.post(
'sources/admin.queries.php', {
type: 'save_duo_in_sk_file',
data: prepareExchangedData(JSON.stringify(data), "encode", "<?php echo $_SESSION['key']; ?>"),
key: '<?php echo $_SESSION['key']; ?>'
},
function(data) {
//decrypt data
data = decodeQueryReturn(data, '<?php echo $_SESSION['key']; ?>');

if (data.error === true) {
// ERROR
toastr.remove();
toastr.warning(
'<?php echo langHdl('none_selected_text'); ?>',
'', {
timeOut: 5000,
progressBar: true
}
);
} else {
// Inform user
toastr.remove();
toastr.success(
'<?php echo langHdl('done'); ?>',
'', {
timeOut: 1000
}
);
}
}
);
});


//]]>
</script>
