Merge pull request #229 from JediKev/security/latest-security-patches…

…-05-2022 Reviewed-By: JediKev <kevin@enhancesoft.com>, aydreeihn <adriane@enhancesoft.com>
osTicket · May 19, 2022 · a7842d4 · a7842d4
2 parents 8b33116 + 3e8a302
commit a7842d4
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 12 deletions.
diff --git a/audit/class.audit.php b/audit/class.audit.php
@@ -463,12 +463,17 @@ static function getQwhere($objectId, $hide_views=false, $type='') {
     }
 
     static function getOrder($order) {
-        if($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])]) {
-            $order=$orderWays[strtoupper($_REQUEST['order'])];
-        }
-        $order=$order?$order:'DESC';
+        $or = null;
+        $orderWays=array('DESC'=>'DESC','ASC'=>'ASC');
+
+        if ($order && $orderWays[strtoupper($order)])
+            $or = $orderWays[strtoupper($order)];
+        elseif($_REQUEST['order'] && $orderWays[strtoupper($_REQUEST['order'])])
+            $or = $orderWays[strtoupper($_REQUEST['order'])];
+
+        $or = $or ? $or : 'DESC';
 
-        return $order;
+        return $or;
     }
 
     static function getQuery($qs, $objectId, $pageNav, $export, $type='') {
@@ -478,7 +483,6 @@ static function getQuery($qs, $objectId, $pageNav, $export, $type='') {
 
       $sortOptions=array('id'=>'audit.id', 'object_id'=>'audit.object_id', 'state'=>'audit.state','type'=>'audit.object_type','ip'=>'audit.ip'
                           ,'timestamp'=>'audit.timestamp');
-      $orderWays=array('DESC'=>'DESC','ASC'=>'ASC');
       $sort=($_REQUEST['sort'] && $sortOptions[strtolower($_REQUEST['sort'])])?strtolower($_REQUEST['sort']):'timestamp';
       //Sorting options...
       if($sort && $sortOptions[$sort]) {

diff --git a/audit/templates/auditlogs.tmpl.php b/audit/templates/auditlogs.tmpl.php
@@ -3,18 +3,18 @@
 
 $qs = array();
 if($_REQUEST['type'])
-    $qs += array('type' => $_REQUEST['type']);
+    $qs += array('type' => Format::htmlchars($_REQUEST['type']));
 $type='D';
 
 if ($_REQUEST['type'])
-  $type=$_REQUEST['type'];
+  $type=Format::htmlchars($_REQUEST['type']);
 
 if($_REQUEST['state'])
-    $qs += array('state' => $_REQUEST['state']);
+    $qs += array('state' => Format::htmlchars($_REQUEST['state']));
 $state=__('All');
 
 if ($_REQUEST['state'])
-  $state=$_REQUEST['state'];
+  $state=Format::htmlchars($_REQUEST['state']);
 
 //dates
 $startTime  =($_REQUEST['startDate'] && (strlen($_REQUEST['startDate'])>=8))?strtotime($_REQUEST['startDate']):0;
@@ -28,7 +28,7 @@
     if($endTime)
         $qs += array('endDate' => $_REQUEST['endDate']);
 }
-$order = AuditEntry::getOrder($_REQUEST['order']);
+$order = AuditEntry::getOrder(Format::htmlchars($_REQUEST['order']));
 $qs += array('order' => (($order=='DESC') ? 'ASC' : 'DESC'));
 $qstr = '&amp;'. Http::build_query($qs);
 

diff --git a/storage-fs/storage.php b/storage-fs/storage.php
@@ -120,8 +120,11 @@ function pre_save(&$config, &$errors) {
             $field->addError($__('Unable to write to directory'));
         elseif (!@unlink("$path/$file"))
             $field->addError($__('Unable to remove files from directory'));
-        else
+        else {
             touch("$path/.keep");
+            if (!is_file("$path/.htaccess"))
+                file_put_contents("$path/.htaccess", array('Options -Indexes', PHP_EOL, 'Deny from all'));
+        }
         return true;
     }
 }