Bugfix: XSS (reflected) in import previews
Reported by Faisal Fs <faisalfs10x@gmail.com>
GaryAllan committed Apr 24, 2022
1 parent 5852574 commit 22c797c
Showing 2 changed files with 5 additions and 7 deletions.
11 changes: 4 additions & 7 deletions app/admin/import-export/import-load-data.php
Expand Up @@ -65,7 +65,7 @@
foreach ($cols as $val) {
$col++;
# map import columns to expected fields as per previous window
$fieldmap[$col] = $impfields[$val];
$fieldmap[$col] = escape_input(trim($impfields[$val]));
$hcol = $col;
}

Expand All @@ -81,7 +81,7 @@
$Result->show('danger', _("Extra column found on line ").$row._(" in CSV file. CSV delimiter used in value field?"), true);
} else {
# read each row into a dictionary with expected fields as keys
$record[$fieldmap[$col]] = trim($val);
$record[$fieldmap[$col]] = escape_input(trim($val));
}
}
$data[] = $record;
Expand All @@ -97,23 +97,20 @@

# map import columns to expected fields as per previous window
for($col=1;$col<=$xls->colcount($sheet);$col++) {
$fieldmap[$col] = $impfields[$Tools->convert_encoding_to_UTF8($xls->val($row,$col,$sheet))];
$fieldmap[$col] = $impfields[escape_input($Tools->convert_encoding_to_UTF8($xls->val($row,$col,$sheet)))];
$hcol = $col;
}

# read each remaining row into a dictionary with expected fields as keys
for($row=2;$row<=$xls->rowcount($sheet);$row++) {
$record = array();
for($col=1;$col<=$xls->colcount($sheet);$col++) {
$record++;
if ($col > $hcol) {
$Result->show('danger', _("Extra column found on line ").$row._(" in XLS file. Please check input file."), true);
} else {
$record[$fieldmap[$col]] = trim($Tools->convert_encoding_to_UTF8($xls->val($row,$col,$sheet)));
$record[$fieldmap[$col]] = escape_input(trim($Tools->convert_encoding_to_UTF8($xls->val($row,$col,$sheet))));
}
}
$data[] = $record;
}
}

?>
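Review bot: The two header-mapping lines escape different things: the CSV path (`$fieldmap[$col] = escape_input(trim($impfields[$val]));`) escapes the value looked up from `$impfields`, while the XLS path (`$fieldmap[$col] = $impfields[escape_input(...)];`) escapes the lookup key instead, so a header containing a character that `escape_input()` rewrites would miss its `$impfields` entry in one path but not the other. In both paths an unrecognised header still yields an undefined index and a null field name that becomes the `$record` key, so I would validate first, e.g. `if (!isset($impfields[$val])) { $Result->show('danger', _("Unknown column in CSV header"), true); }` before the assignment, and apply the same escaping on the same operand in both branches. Escaping at ingest protects the preview, but `$record` values are appended to `$data`; if `$data` is also what the later import step writes, the stored values will carry the escaped form — escaping at the render point would avoid that (inferred, as the consumer of `$data` is outside this file). The surrounding CSV/XLS branches begin before the first hunk, and the closing `?>` appears to be dropped here, which is consistent with PSR-1 for a PHP-only file.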
1 change: 1 addition & 0 deletions misc/CHANGELOG
Expand Up @@ -92,6 +92,7 @@
+ XSS (reflected) in 'find subnets';
+ Incorrect privilege assignments (#3506);
+ XXS (reflected) in ripe-arin-query;
+ XSS (reflected) in import previews;

Translations:
----------------------------