Added XSS and CSRF protection
thorsten committed Oct 10, 2017
1 parent a249b46 commit cb648f0
Showing 3 changed files with 14 additions and 7 deletions.
6 changes: 6 additions & 0 deletions phpmyfaq/admin/ajax.tags.php
Expand Up @@ -70,6 +70,12 @@

$id = PMF_Filter::filterInput(INPUT_POST, 'id', FILTER_VALIDATE_INT);
$tag = PMF_Filter::filterInput(INPUT_POST, 'tag', FILTER_SANITIZE_STRING);
$csrfToken = PMF_Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_STRING);

if (!isset($_SESSION['phpmyfaq_csrf_token']) || $_SESSION['phpmyfaq_csrf_token'] !== $csrfToken) {
echo json_encode($PMF_LANG['err_NotAuth']);
exit(1);
}

$entity = new PMF_Entity_Tags();
$entity->setId($id);
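Review bot: The token check `$_SESSION['phpmyfaq_csrf_token'] !== $csrfToken` is an ordinary string comparison that stops at the first differing byte, so it leaks mismatch position through timing; compare with `hash_equals()` instead (PHP 5.6+): `if (!isset($_SESSION['phpmyfaq_csrf_token']) || !is_string($csrfToken) || !hash_equals($_SESSION['phpmyfaq_csrf_token'], $csrfToken)) {`. The `is_string()` guard matters if `PMF_Filter::filterInput()` passes through the `null`/`false` that `filter_input()` yields for a missing field, since `hash_equals()` refuses non-string arguments. The rejection branch also answers with HTTP 200, so the jQuery `success` callback in tags.js runs and shows `err_NotAuth` as if the save had worked; an `http_response_code(403);` before the `echo` would route it to an `error` handler instead. This script has no enclosing function; the statements before and after the hunk are outside it.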
11 changes: 6 additions & 5 deletions phpmyfaq/admin/assets/js/tags.js
Expand Up @@ -29,7 +29,7 @@ $(document).ready(function () {
);
} else {
var input = $('input[data-tag-id="' + id + '"]');
input.replaceWith('<span data-tag-id="' + id + '">' + input.val() + '</span>');
input.replaceWith('<span data-tag-id="' + id + '">' + input.val().replace(/\//g, '&#x2F;') + '</span>');
}
});

Expand All @@ -40,21 +40,22 @@ $(document).ready(function () {
var input = $('input[data-tag-id]:focus');
var id = input.data('tag-id');
var tag = input.val();
var csrf = $('input[name=csrf]').val();

$.ajax({
url: 'index.php?action=ajax&ajax=tags&ajaxaction=update',
type: 'POST',
data: 'id=' + id + '&tag=' + tag,
data: 'id=' + id + '&tag=' + tag + '&csrf=' + csrf,
dataType: 'json',
beforeSend: function () {
$('#saving_data_indicator').html(
'<i aria-hidden="true" class="fa fa-spinner fa-spin"></i> Saving ...'
);
},
success: function (message) {
input.replaceWith('<span data-tag-id="' + id + '">' + input.val() + '</span>');
$('span[data-tag-id="' + id + '"]').append(' ✓');
$('#saving_data_indicator').html('✓ ' + message);
input.replaceWith('<span data-tag-id="' + id + '">' + input.val().replace(/\//g, '&#x2F;') + '</span>');
$('span[data-tag-id="' + id + '"]');
$('#saving_data_indicator').html(message);
}
});

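Review bot: Replacing only `/` with `&#x2F;` in `input.val().replace(/\//g, '&#x2F;')` (the same line appears in both hunks of this file) leaves `<`, `>`, `"` and `&` untouched, so the tag value is still concatenated into HTML markup unescaped; build the element with jQuery's text setter instead: `input.replaceWith($('<span>').attr('data-tag-id', id).text(input.val()));`. The bare statement `$('span[data-tag-id="' + id + '"]');` in the success handler selects an element and does nothing with it, apparently a leftover of the removed `.append(' ✓')`, and can be dropped. The request body `'id=' + id + '&tag=' + tag + '&csrf=' + csrf` is not URL-encoded, so a tag containing `&` or `+` is split or altered server-side; passing `data: { id: id, tag: tag, csrf: csrf }` lets jQuery encode each field. The `$(document).ready` callback enclosing both hunks starts and ends outside them.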
4 changes: 2 additions & 2 deletions phpmyfaq/admin/tags.main.php
Expand Up @@ -38,7 +38,7 @@
<div class="row">
<div class="col-lg-12">
<form action="" method="post" class="tag-form">

<input type="hidden" name="csrf" value="<?php echo $user->getCsrfTokenFromSession() ?>">
<?php
if ($user->perm->checkRight($user->getUserId(), 'editbt')) {
$tags = new PMF_Tags($faqConfig);
Expand All @@ -63,7 +63,7 @@

foreach ($tagData as $key => $tag) {
echo '<tr>';
echo '<td><span data-tag-id="'.$key.'">'.$tag.'</span></td>';
echo '<td><span data-tag-id="'.$key.'">'.PMF_String::htmlspecialchars($tag).'</span></td>';
printf(
'<td><a class="btn btn-primary btn-edit" data-btn-id="%d" title="%s"><i aria-hidden="true" class="fa fa-edit"></i></a></td>',
$key,
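Review bot: The hidden field `<input type="hidden" name="csrf" value="<?php echo $user->getCsrfTokenFromSession() ?>">` echoes the token into an attribute without escaping, while the second hunk wraps `$tag` in `PMF_String::htmlspecialchars()`; for consistency and so the attribute context stays safe whatever the token format, write `value="<?php echo PMF_String::htmlspecialchars($user->getCsrfTokenFromSession()) ?>"`. On the escaped `<span>` line `$key` still goes into `data-tag-id` raw; if it is an integer tag id, as the `%d` in the following `printf` suggests, that is fine, otherwise it needs the same escaping. The `foreach` over `$tagData` and the enclosing `if ($user->perm->checkRight(...))` block both continue past the hunk boundaries.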
