
3.0.10
Fix for #3779, #3775
Fix for improper handling of input in admin setting pages
nilsteampassnet committed Jul 8, 2023
1 parent cb8ea5c commit cc6abc7
Showing 7 changed files with 44 additions and 41 deletions.
29 changes: 25 additions & 4 deletions includes/js/functions.js
Expand Up @@ -395,10 +395,10 @@ function simplePurifier(
bHtml = false,
bSvg = false,
bSvgFilters = false
)
)
{
return DOMPurify.sanitize(
text
sanitizeDom(text)
.replaceAll('&lt;', '<')
.replaceAll('&#x3C;', '<')
.replaceAll('&#60;', '<')
Expand Down Expand Up @@ -515,6 +515,7 @@ function fieldDomPurifierWithWarning(
bHtml = false,
bSvg = false,
bSvgFilters = false,
bSetting = false,
)
{
if (field === undefined || field === '') {
Expand All @@ -523,10 +524,22 @@ function fieldDomPurifierWithWarning(
if ($(field).val() === '') {
return '';
}
let string = '';
let string = '',
currentString = $(field).val();

// if bSetting is true, we use the setting value
// remove any closing ', string that could corrupt the setting
if (bSetting === true) {
currentString = currentString.replace(/',/g, '');
}

// Purify string
string = simplePurifier($(field).val(), bHtml, bSvg, bSvgFilters);
string = simplePurifier(
sanitizeDom(currentString),
bHtml,
bSvg,
bSvgFilters
);

// Clear field if string is empty and warn user
if (string === '') {
Expand All @@ -543,4 +556,12 @@ function fieldDomPurifierWithWarning(
}

return string;
}

const sanitizeDom = (str) => {
const div = document.createElement('div');
div.textContent = str;
newString = div.innerHTML;
div.remove();
return newString;
}
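Review bot: `newString = div.innerHTML;` inside the new sanitizeDom helper assigns an identifier that is never declared, which silently creates a global in sloppy mode and throws a ReferenceError if this file is ever loaded under 'use strict' or as a module; declare it: `const newString = div.innerHTML;`. The helper is also applied twice on the fieldDomPurifierWithWarning path — once as `sanitizeDom(currentString)` at the `string = simplePurifier(` call and again as `sanitizeDom(text)` inside simplePurifier — so an `&` in a field value reaches DOMPurify as `&amp;amp;`; presumably one call is intended, so drop the outer one. Note too that simplePurifier's `.replaceAll('&lt;', '<')` chain immediately reverses the `<` escaping sanitizeDom just produced, so the escaping step only survives for characters that chain does not map back. `div.remove()` is a no-op on an element that was never attached to the document and can be deleted.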
Expand Up @@ -455,6 +455,7 @@ public function __construct()
{
$this->_initNeverAllowedStr();
$this->_initNeverAllowedRegex();
UTF8::checkForSupport();
}

/**
31 changes: 6 additions & 25 deletions pages/2fa.js.php
Expand Up @@ -55,34 +55,15 @@
<script type='text/javascript'>
//<![CDATA[

console.log('2FA loaded')

$(document).on('click', '.generate-key', function() {
var size = $(this).data('length'),
target = $(this).closest('.input-group').find('input').attr('id');

$.post(
'sources/main.queries.php', {
type: 'generate_new_key',
type_category: 'action_key',
size: size
},
function(data) {
$('#' + target).val(data[0].key);
},
'json'
);
})


$(document).on('click', '#button-duo-config-check', function() {
var data = "{\"ikey\":\"" + sanitizeString($("#duo_ikey").val()) + "\", \"skey\":\"" + sanitizeString($("#duo_skey").val()) + "\", \"host\":\"" + sanitizeString($("#duo_host").val()) + "\"}";
toastr
.info('<?php echo langHdl('loading_item'); ?> ... <i class="fas fa-circle-notch fa-spin fa-2x"></i>');

// Prepare data
var data = {
'duo_ikey': $('#duo_ikey').val(),
'duo_skey': $('#duo_skey').val(),
'duo_host': $('#duo_host').val()
'duo_ikey': sanitizeString($('#duo_ikey').val()),
'duo_skey': sanitizeString($('#duo_skey').val()),
'duo_host': sanitizeString($('#duo_host').val())
}
console.log(data);

Expand Down Expand Up @@ -110,7 +91,7 @@ function(data) {
} else {
// Inform user
toastr.remove();
toastr.info(
toastr.success(
'<?php echo langHdl('duo-config-check-success'); ?>',
'', {
timeOut: 5000
Expand Down
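Review bot: `console.log(data);` directly after the rebuilt data object in the `#button-duo-config-check` handler (first hunk of this file) prints duo_skey — the Duo secret key — to the browser console, and the commit leaves it in place; remove that line. The `sanitizeString(...)` wrappers are the new part of that object, but the helper is defined outside this hunk, so what it escapes could not be checked here. The toastr info→success swap in the second hunk is cosmetic and fine.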
8 changes: 4 additions & 4 deletions pages/2fa.php
Expand Up @@ -157,7 +157,7 @@
</small>
</div>
<div class="col-3">
<input type="text" class="form-control form-control-sm" id="ga_website_name" value="<?php echo isset($SETTINGS['ga_website_name']) === true ? $SETTINGS['ga_website_name'] : ''; ?>">
<input type="text" class="form-control form-control-sm purify" data-field="label" id="ga_website_name" value="<?php echo isset($SETTINGS['ga_website_name']) === true ? $SETTINGS['ga_website_name'] : ''; ?>">
</div>
</div>

Expand Down Expand Up @@ -205,23 +205,23 @@
<?php echo langHdl('admin_duo_ikey'); ?>
</div>
<div class="col-7">
<input type="text" class="form-control form-control-sm" id="duo_ikey" value="<?php echo isset($SETTINGS['duo_ikey']) === true ? $SETTINGS['duo_ikey'] : ''; ?>">
<input type="text" class="form-control form-control-sm purify" data-field="label" id="duo_ikey" value="<?php echo isset($SETTINGS['duo_ikey']) === true ? $SETTINGS['duo_ikey'] : ''; ?>">
</div>
</div>
<div class="row mb-2">
<div class="col-5">
<?php echo langHdl('admin_duo_skey'); ?>
</div>
<div class="col-7">
<input type="text" class="form-control form-control-sm" id="duo_skey" value="<?php echo isset($SETTINGS['duo_skey']) === true ? $SETTINGS['duo_skey'] : ''; ?>">
<input type="text" class="form-control form-control-sm purify" data-field="label" id="duo_skey" value="<?php echo isset($SETTINGS['duo_skey']) === true ? $SETTINGS['duo_skey'] : ''; ?>">
</div>
</div>
<div class="row mb-2">
<div class="col-5">
<?php echo langHdl('admin_duo_host'); ?>
</div>
<div class="col-7">
<input type="text" class="form-control form-control-sm" id="duo_host" value="<?php echo isset($SETTINGS['duo_host']) === true ? $SETTINGS['duo_host'] : ''; ?>">
<input type="text" class="form-control form-control-sm purify" data-field="label" id="duo_host" value="<?php echo isset($SETTINGS['duo_host']) === true ? $SETTINGS['duo_host'] : ''; ?>">
</div>
</div>

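Review bot: The new `purify` inputs still echo the stored setting straight into the value attribute — `value="<?php echo isset($SETTINGS['duo_skey']) === true ? $SETTINGS['duo_skey'] : ''; ?>"` — with no output encoding, so a stored value containing `"` or `>` breaks out of the attribute no matter what the client-side purify class does to later input. Encode at the output point on all four inputs (ga_website_name, duo_ikey, duo_skey, duo_host): `htmlspecialchars($SETTINGS['duo_skey'], ENT_QUOTES, 'UTF-8')` in place of the bare variable. The `purify` class and `data-field="label"` presumably route these fields through the fieldDomPurifierWithWarning path in functions.js; that wiring is not in this diff, so I could not confirm it fires for these ids. duo_skey is a secret rendered in a plain text input; whether that is intended is a product call, but `type="password"` would keep it out of casual view and browser autofill.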
2 changes: 1 addition & 1 deletion pages/admin.js.php
Expand Up @@ -135,7 +135,7 @@ function(data) {
}

// Sanitize value
value = fieldDomPurifierWithWarning('#' + field);
value = fieldDomPurifierWithWarning('#' + field, false, false, false, true);
if (value === false) {
return false;
}
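Review bot: `fieldDomPurifierWithWarning('#' + field, false, false, false, true)` passes five positional booleans, so a reader has to open functions.js to learn that the trailing `true` is bSetting; name them inline: `value = fieldDomPurifierWithWarning('#' + field, false /* bHtml */, false /* bSvg */, false /* bSvgFilters */, true /* bSetting */);`. The enclosing function starts outside this hunk.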
2 changes: 1 addition & 1 deletion pages/users.js.php
Expand Up @@ -898,7 +898,7 @@ function(data) {

// Mandatory?
var validated = true,
validEmailRegex = /^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/;
validEmailRegex = /^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,15})+$/;
$('.required').each(function(i, obj) {
if ($(this).val() === '' && $(this).hasClass('select2') === false) {
$(this).addClass('is-invalid');
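Review bot: `validEmailRegex = /^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,15})+$/;` keeps the nested `\w+([\.-]?\w+)*` groups, which can backtrack exponentially on a long run of word characters with no `@` (the classic ReDoS shape, here costing the user's own browser tab), and it still rejects valid local parts such as `first+last@example.org`. A flat pattern avoids both problems: `validEmailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/;`. Raising the TLD bound to 15 is fine as far as it goes; since this check runs only in the browser, the server-side handler presumably has its own validation — worth confirming. The enclosing handler starts outside this hunk.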
12 changes: 6 additions & 6 deletions sources/logs.datatables.php
Expand Up @@ -838,7 +838,7 @@
}
} elseif (isset($_GET['action']) && $_GET['action'] === 'tasks_in_progress') {
//Columns name
$aColumns = ['increment_id', 'created_at', 'updated_at', 'process_type', 'is_in_progress'];
$aColumns = ['p.increment_id', 'p.created_at', 'p.updated_at', 'p.process_type', 'p.is_in_progress'];
//Ordering
if (isset($_GET['order'][0]['dir']) === true
&& in_array($_GET['order'][0]['dir'], $aSortTypes) === true
Expand All @@ -854,7 +854,7 @@
$aColumns[0].' DESC';
}

$sWhere = ' WHERE ((finished_at = "")';
$sWhere = ' WHERE ((p.finished_at = "")';
if (isset($_GET['search']['value']) === true && $_GET['search']['value'] !== '') {
$sWhere .= ' AND (';
for ($i = 0; $i < count($aColumns); ++$i) {
Expand All @@ -865,13 +865,13 @@
$sWhere .= ') ';
DB::debugmode(false);
$iTotal = DB::queryFirstField(
'SELECT COUNT(increment_id)
'SELECT COUNT(p.increment_id)
FROM '.prefixTable('processes').' AS p
LEFT JOIN '.prefixTable('users').' AS u ON u.id = json_extract(p.arguments, "$[0]")'.
$sWhere
);
$rows = DB::query(
'SELECT *
'SELECT p.*
FROM '.prefixTable('processes').' AS p
LEFT JOIN '.prefixTable('users').' AS u ON u.id = json_extract(p.arguments, "$[0]")'.
$sWhere.
Expand Down Expand Up @@ -951,14 +951,14 @@

DB::debugmode(false);
$iTotal = DB::queryFirstField(
'SELECT COUNT(increment_id)
'SELECT COUNT(p.increment_id)
FROM '.prefixTable('processes').' AS p
LEFT JOIN '.prefixTable('users').' AS u ON u.id = json_extract(p.arguments, "$[0]")'.
$sWhere
);

$rows = DB::query(
'SELECT *
'SELECT p.*
FROM '.prefixTable('processes').' AS p
LEFT JOIN '.prefixTable('users').' AS u ON u.id = json_extract(p.arguments, "$[0]")'.
$sWhere.
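Review bot: The `p.` qualification removes the ambiguous-column problem the users join introduces, but the search branch just above it — `$sWhere .= ' AND ('; for ($i = 0; $i < count($aColumns); ++$i) {` — still assembles the WHERE clause by string concatenation, and the line where `$_GET['search']['value']` is actually inserted falls outside this hunk. If that value is interpolated rather than bound through a DB::query placeholder, the new aliases do not change the injection exposure; a short comment on `$sWhere` stating how the search term is escaped would let the next reader verify it without opening the file. The same construction feeds the second set of hunks further down (the `SELECT COUNT(p.increment_id)` / `SELECT p.*` pair), so one fix covers both.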
