
Possible XSS Vulnerabilities in User Prompt Function #63

Closed
Xyntax opened this issue Jan 13, 2017 · 1 comment

Comments


Xyntax commented Jan 13, 2017

Data in $data['alertSuccess'] and $data['alertDanger'] is passed directly to the DOM without any filtering, resulting in XSS vulnerability.

<?php
if (isset($data['alertSuccess'])) {
    echo '<div class="alert alert-success" >
        <button type="button" class="close" data-dismiss="alert">
            <span aria-hidden="true">&times;</span>
            <span class="sr-only">'.CLOSE.'</span>
        </button>
        ';
    foreach ($data['alertSuccess'] as $alert) {
        echo "$alert\n";
    }
    echo '</div>';
} elseif (isset($data['alertDanger'])) {
    //print_r($data['alertDanger']);
    echo '<div class="alert alert-danger" >
        <button type="button" class="close" data-dismiss="alert">
            <span aria-hidden="true">&times;</span>
            <span class="sr-only">'.CLOSE.'</span>
        </button>
        <ul>';
    foreach ($data['alertDanger'] as $alert) {
        echo "<li>$alert</li>\n";
    }
    echo '</ul></div>';
} ?>


Related code

Untrusted input data arrives in different ways; filtering at the output node may be a good idea.

What's your opinion?
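The same alert rendering with every alert string escaped at the output node, added here as an example and not code from the project or from either commenter; `h()` and `renderAlerts()` are names chosen for this snippet, and `CLOSE` is assumed to be the project's language constant.

```php
<?php
// Added example (not the project's own code): the alert box from the issue,
// rebuilt so that each alert string is HTML-escaped before it reaches the DOM.
// CLOSE is assumed to be the project's language constant; it is defined here
// only so the snippet runs stand-alone.
if (!defined('CLOSE')) {
    define('CLOSE', 'Close');
}

// Escape a string for insertion into an HTML text node or quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Renders the alert box; every $alert passes through h() on output.
function renderAlerts(array $data): string
{
    if (isset($data['alertSuccess'])) {
        $out = '<div class="alert alert-success">'
             . '<button type="button" class="close" data-dismiss="alert">'
             . '<span aria-hidden="true">&times;</span>'
             . '<span class="sr-only">' . h(CLOSE) . '</span></button>';
        foreach ($data['alertSuccess'] as $alert) {
            $out .= h($alert) . "\n";
        }
        return $out . '</div>';
    }
    if (isset($data['alertDanger'])) {
        $out = '<div class="alert alert-danger">'
             . '<button type="button" class="close" data-dismiss="alert">'
             . '<span aria-hidden="true">&times;</span>'
             . '<span class="sr-only">' . h(CLOSE) . '</span></button><ul>';
        foreach ($data['alertDanger'] as $alert) {
            $out .= '<li>' . h($alert) . "</li>\n";
        }
        return $out . '</ul></div>';
    }
    return '';
}

// Constructed sample: an alert message that happens to contain markup.
$sample = ['alertDanger' => ['Username <b>admin</b> already exists']];
$html = renderAlerts($sample);
// The tag is entity-encoded, so the browser displays it as literal text.
if (strpos($html, '<b>') !== false || strpos($html, '&lt;b&gt;') === false) {
    throw new RuntimeException('escaping failed');
}
echo $html, "\n";
```

Escaping belongs at the output node because the alert arrays are filled from several code paths; if some alerts are intentionally built from trusted HTML, mark those explicitly rather than exempting the whole array.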

semplon (Owner) commented Jan 14, 2017

Yes, you are right, I hadn't filtered the strings. I'll fix this soon. Thanks @Xyntax

semplon pushed a commit that referenced this issue Jan 15, 2017
@semplon semplon closed this as completed Jan 21, 2017