Fixed a number of XSS issues - tnx Sebastiaan Tesink for reporting

shupp · Feb 25, 2012 · e430abc · e430abc
1 parent 2f8612f
commit e430abc
Show file tree

Hide file tree

Showing 8 changed files with 40 additions and 40 deletions.
diff --git a/src/default_records.php b/src/default_records.php
@@ -136,7 +136,7 @@
     // verify record to be added
     $result = verify_record($_REQUEST['name'],$_REQUEST['type'],$_REQUEST['address'],$_REQUEST['distance'],$_REQUEST['weight'], $_REQUEST['port'],$_REQUEST['ttl']);
     if($result != 'OK') {
-        set_msg_err($result);
+        set_msg_err(htmlentities($result, ENT_QUOTES));
         $smarty->display('header.tpl');
         require('src/add_record_form.php');
         $smarty->display('footer.tpl');
@@ -344,20 +344,20 @@
         $q = "insert into default_records values(
             '',
             ".$user_info['cid'].",
-            '$host',
+            '".mysql_escape_string($host)."',
             'S',
-            '$val',
+            '".mysql_escape_string($val)."',
             0,,,
-            '".$_REQUEST['ttl']."',
+            '".mysql_escape_string($_REQUEST['ttl'])."',
             'group')";
     } else {
         $q = "replace into default_records set 
             record_id='$id',
-            host='$host',
+            host='".mysql_escape_string($host)."',
             type='S',
-            val='$val',
-            ttl='".$_REQUEST['ttl']."',
-            default_type='$default_type',
+            val='".mysql_escape_string($val)."',
+            ttl='".mysql_escape_string($_REQUEST['ttl'])."',
+            default_type='".mysql_escape_string($default_type)."',
             group_owner_id='".$user_info['cid']."'";
     }
     mysql_query($q) or die(mysql_error().'<br>'.$q);

diff --git a/src/domains.php b/src/domains.php
@@ -213,15 +213,15 @@
     $domain = strtolower($_REQUEST['domain']);
     // make sure it's at least a second level domain
     if(!eregi(".*\..*", $domain)) {
-        set_msg_err("Error: domain $domain does not appear to be at least a second level domain");
+        set_msg_err("Error: domain " . htmlentities($domain, ENT_QUOTES) . " does not appear to be at least a second level domain");
         $smarty->display('header.tpl');
         require('src/new_domain_form.php');
         $smarty->display('footer.tpl');
         exit;
     }
     // make sure it's at least a correct domain name
 	if (!eregi("^[\.a-z0-9-]+$",$domain)) {
-        set_msg_err("Error: domain $domain does not appear to be a valid domain name");
+        set_msg_err("Error: domain " . htmlentities($domain, ENT_QUOTES) . " does not appear to be a valid domain name");
         $smarty->display('header.tpl');
         require('src/new_domain_form.php');
         $smarty->display('footer.tpl');
@@ -232,7 +232,7 @@
     $result = mysql_query($q);
     if(mysql_num_rows($result) > 0) {
 
-        set_msg_err("Error: domain $domain already exists");
+        set_msg_err("Error: domain " . htmlentities($domain, ENT_QUOTES) . " already exists");
         $smarty->display('header.tpl');
         require('src/new_domain_form.php');
         $smarty->display('footer.tpl');
@@ -358,7 +358,7 @@
 
     // Does the domain exist?
     if(mysql_num_rows($result) == 0) {
-        set_msg_err("Error: domain ".$_REQUEST['domain']." does not exist");
+        set_msg_err("Error: domain ".htmlentities($_REQUEST['domain'], ENT_QUOTES)." does not exist");
         $smarty->display('header.tpl');
         $smarty->display('footer.tpl');
         exit;
@@ -389,7 +389,7 @@
 
     // Does the domain exist?
     if(mysql_num_rows($result) == 0) {
-        set_msg_err("Error: domain ".$_REQUEST['domain']." does not exist");
+        set_msg_err("Error: domain ".htmlentities($_REQUEST['domain'], ENT_QUOTES)." does not exist");
         $smarty->display('header.tpl');
         $smarty->display('footer.tpl');
         exit;
@@ -555,7 +555,7 @@
 
         // Make sure each domain is NOT in the database already 
         if(get_dom_id($domain) != -1) {
-            set_msg_err("Error: $domain is already in this database");
+            set_msg_err("Error: " . htmlentities($domain, ENT_QUOTES) . " is already in this database");
             $smarty->display('header.tpl');
             require('src/import_form.php');
             $smarty->display('footer.tpl');
@@ -572,7 +572,7 @@
             $domains_array[$counter] = $out_array;
             $counter++;
         } else {
-            set_msg_err("Error: could not do axfr-get for $domain:<br>".$out_array[0]);
+            set_msg_err("Error: could not do axfr-get for " . htmlentities($domain, ENT_QUOTES) . ":<br>".htmlentities($out_array[0], ENT_QUOTES));
             $smarty->display('header.tpl');
             require('src/import_form.php');
             $smarty->display('footer.tpl');

diff --git a/src/records.php b/src/records.php
@@ -304,7 +304,7 @@
     // verify record to be added
     $result = verify_record($name,$_REQUEST['type'],$_REQUEST['address'],$_REQUEST['distance'],$_REQUEST['weight'], $_REQUEST['port'], $_REQUEST['ttl']);
     if($result != 'OK') {
-        set_msg_err($result);
+        set_msg_err(htmlentities($result, ENT_QUOTES));
         $smarty->display('header.tpl');
         require('src/add_record_form.php');
         $smarty->display('footer.tpl');
@@ -571,7 +571,7 @@
 	$smarty->assign('weight', $row['weight']);
     	$smarty->assign('port', $row['port']);
         $smarty->assign('ttl', $row['ttl']);
-        set_msg_err($result);
+        set_msg_err(htmlentities($result, ENT_QUOTES));
         $smarty->display('header.tpl');
         $smarty->display('edit_record.tpl');
         $smarty->display('footer.tpl');

diff --git a/templates/add_record_form.tpl b/templates/add_record_form.tpl
@@ -29,7 +29,7 @@
     <tr>
     <tr bgcolor="#eeeeee">
         <td>Hostname</td>
-        <td><input type="text" name="name" value="{$name}"></td>
+        <td><input type="text" name="name" value="{$name|escape:'html'}"></td>
     </tr>
     <tr bgcolor=#eeeeee>
         <td>Type</td>
@@ -39,24 +39,24 @@
     </tr>
     <tr bgcolor="#eeeeee">
         <td>Address</td>
-        <td><input type="text" name="address" value="{$address}"></td>
+        <td><input type="text" name="address" value="{$address|escape:'html'}"></td>
     </tr>
     <tr bgcolor="#eeeeee">
         <td>Distance (MX and SRV only)</td>
-        <td><input type="text" name="distance" value="{$distance}" size=5 maxlength=10></td>
+        <td><input type="text" name="distance" value="{$distance|escape:'html'}" size=5 maxlength=10></td>
     </tr>
     <tr bgcolor="#eeeeee">
         <td>Weight (SRV only)</td>
-        <td><input type="text" name="weight" value="{$weight}" size=5 maxlength=10></td>
+        <td><input type="text" name="weight" value="{$weight|escape:'html'}" size=5 maxlength=10></td>
     </tr>
     <tr bgcolor="#eeeeee">
         <td>Port (SRV only)</td>
-        <td><input type="text" name="port" value="{$port}" size=5 maxlength=10></td>
+        <td><input type="text" name="port" value="{$port|escape:'html'}" size=5 maxlength=10></td>
     </tr>
 
     <tr bgcolor="#eeeeee">
         <td>TTL</td>
-        <td><input size=7 maxlenth=20 type="text" name="ttl" value="{$ttl}">
+        <td><input size=7 maxlenth=20 type="text" name="ttl" value="{$ttl|escape:'html'}">
     </tr>
     </table>
 </td></tr>

diff --git a/templates/import_form.tpl b/templates/import_form.tpl
@@ -1,8 +1,8 @@
 <form action="{$php_self}">
-<input type="hidden" name="state" value="{$state}">
-<input type="hidden" name="mode" value="{$mode}">
+<input type="hidden" name="state" value="{$state|escape:'html'}">
+<input type="hidden" name="mode" value="{$mode|escape:'html'}">
 <input type="hidden" name="domain_mode" value="import_domains_now">
-<input type="hidden" name="{$session_name}" value="{$session_id}">
+<input type="hidden" name="{$session_name|escape:'html'}" value="{$session_id|escape:'html'}">
 
 
 <table border=0 bgcolor="white">
@@ -14,11 +14,11 @@
     <table border=0 width="100%">
     <tr bgcolor="#eeeeee">
         <td>Hostname or IP address:</td>
-        <td><input type="text" name="hostname" value="{$hostname}"></td>
+        <td><input type="text" name="hostname" value="{$hostname|escape:'html'}"></td>
     </tr>
     <tr valign="top" bgcolor="#eeeeee">
         <td>List of Domains:<br>(one per line)</td>
-        <td><textarea name="domains" rows=10>{$domains}</textarea></td>
+        <td><textarea name="domains" rows=10>{$domains|escape:'html'}</textarea></td>
     </tr>
     </table>
 </td></tr>

diff --git a/templates/list_default_records.tpl b/templates/list_default_records.tpl
@@ -12,25 +12,25 @@
 <table border=0 width="100%">
   <tr bgcolor="#eeeeee">
       <td width="10%" nowrap>Contact Address:</td>
-      <td width="40%" nowrap>{$soa_array.tldemail}</td>
+      <td width="40%" nowrap>{$soa_array.tldemail|escape:'html'}</td>
       <td width="10%" nowrap>Primary Nameserver:&nbsp</td>
-      <td width="40%" nowrap>{$soa_array.tldhost}</td>
+      <td width="40%" nowrap>{$soa_array.tldhost|escape:'html'}</td>
   </tr>
   <tr bgcolor="#eeeeee">
       <td width="10%" nowrap>Refresh:</td>
-      <td width="40%" nowrap>{$soa_array.refresh}</td>
+      <td width="40%" nowrap>{$soa_array.refresh|escape:'html'}</td>
       <td width="10%" nowrap>Retry:</td>
-      <td width="40%" nowrap>{$soa_array.retry}</td>
+      <td width="40%" nowrap>{$soa_array.retry|escape:'html'}</td>
   </tr>
   <tr bgcolor="#eeeeee">
       <td width="10%" nowrap>Expiration:</td>
-      <td width="40%" nowrap>{$soa_array.expire}</td>
+      <td width="40%" nowrap>{$soa_array.expire|escape:'html'}</td>
       <td width="10%" nowrap>Minimum TTL:&nbsp</td>
-      <td width="40%" nowrap>{$soa_array.minimum}</td>
+      <td width="40%" nowrap>{$soa_array.minimum|escape:'html'}</td>
   </tr>
   <tr bgcolor="#eeeeee">
       <td width="10%" nowrap>Default TTL:</td>
-      <td width="40%" nowrap>{$soa_array.ttl}</td>
+      <td width="40%" nowrap>{$soa_array.ttl|escape:'html'}</td>
       <td width="10%" nowrap>&nbsp</td>
       <td width="40%" nowrap>&nbsp</td>
   </tr>

diff --git a/templates/list_domains.tpl b/templates/list_domains.tpl
@@ -6,7 +6,7 @@
                 <tr valign="top" bgcolor="#cccccc">
                 <td align="left" colspan="2">
 
-                Listing {$first_domain} - {$last_domain} of {$totaldomains} Domains {$searchtexttag}</td>
+                Listing {$first_domain} - {$last_domain} of {$totaldomains} Domains {$searchtexttag|escape:'html'}</td>
                 <td align="center" colspan="2">
                 {if $previous_url != ""} <a href={$previous_url}>previous</a>
                 {else}previous{/if}
@@ -23,7 +23,7 @@
                     <input type="hidden" name="state" value="{$state}">
                     <input type="hidden" name="mode" value="domains">
                     <input type="hidden" name="{$session_name}" value="{$session_id}">
-                    <input type="text" name="search" value="{$search}">
+                    <input type="text" name="search" value="{$search|escape:'html'}">
                     <input type="submit" value="search"></form>
 
                 </td>

diff --git a/templates/new_domain_form.tpl b/templates/new_domain_form.tpl
@@ -1,7 +1,7 @@
 <form action="{$php_self}">
-<input type="hidden" name="state" value="{$state}">
+<input type="hidden" name="state" value="{$state|escape:'html'}">
 <input type="hidden" name="mode" value="domains">
-<input type="hidden" name="{$session_name}" value="{$session_id}">
+<input type="hidden" name="{$session_name|escape:'html'}" value="{$session_id|escape:'html'}">
 <input type="hidden" name="domain_mode" value="add_now">
 
 
@@ -14,7 +14,7 @@
     <table border=0 width="100%">
     <tr bgcolor="#eeeeee">
         <td>Domain Name</td>
-        <td align="left" colspan=2><input type="text" name="domain" value="{$domain}">
+        <td align="left" colspan=2><input type="text" name="domain" value="{$domain|escape:'html'}">
         </td>
     </tr>
     </table>