fix: added missing escaping of strings

thorsten · Nov 25, 2022 · e2ea332 · e2ea332
1 parent c16cc2b
commit e2ea332
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,11 +1,16 @@
-# phpMyFAQ 3.1.8
+# phpMyFAQ 3.1.9
 
 **Codename "Poseidon"**
 
 ## CHANGELOG
 
 This is a log of major user-visible changes in each phpMyFAQ release.
 
+### phpMyFAQ v3.1.9 - 2022-11-
+
+- fixed multiple security vulnerabilities (Thorsten)
+- fixed minor bugs (Thorsten)
+
 ### phpMyFAQ v3.1.8 - 2022-10-24
 
 - fixed multiple security vulnerabilities (Thorsten)

diff --git a/phpmyfaq/admin/record.questions.php b/phpmyfaq/admin/record.questions.php
@@ -19,6 +19,7 @@
 use phpMyFAQ\Date;
 use phpMyFAQ\Filter;
 use phpMyFAQ\Question;
+use phpMyFAQ\Strings;
 
 if (!defined('IS_VALID_PHPMYFAQ')) {
     http_response_code(400);
@@ -95,7 +96,7 @@
                     <td>
                       <strong><?= $category->categoryName[$openQuestion->getCategoryId()]['name'] ?></strong>
                       <br>
-                        <?= $openQuestion->getQuestion() ?>
+                        <?= Strings::htmlentities($openQuestion->getQuestion()) ?>
                     </td>
                     <td>
                       <a href="?action=question&amp;id=<?= $openQuestion->getId() ?>&amp;is_visible=toggle&csrf=<?= $user->getCsrfTokenFromSession() ?>"

diff --git a/phpmyfaq/ajaxservice.php b/phpmyfaq/ajaxservice.php
@@ -507,7 +507,7 @@
                 'username' => $author,
                 'email' => $email,
                 'category_id' => $ucategory,
-                'question' => $question,
+                'question' => Strings::htmlspecialchars($question),
                 'is_visible' => $visibility
             ];
 
@@ -571,12 +571,20 @@
                     $message = ['result' => $response];
                 } else {
                     $questionHelper = new QuestionHelper($faqConfig, $cat);
-                    $questionHelper->sendSuccessMail($questionData, $categories);
+                    try {
+                        $questionHelper->sendSuccessMail($questionData, $categories);
+                    } catch (Exception $e) {
+                        // @todo Handle exception
+                    }
                     $message = ['success' => $PMF_LANG['msgAskThx4Mail']];
                 }
             } else {
                 $questionHelper = new QuestionHelper($faqConfig, $cat);
-                $questionHelper->sendSuccessMail($questionData, $categories);
+                try {
+                    $questionHelper->sendSuccessMail($questionData, $categories);
+                } catch (Exception $e) {
+                    // @todo Handle exception
+                }
                 $message = ['success' => $PMF_LANG['msgAskThx4Mail']];
             }
         } else {

diff --git a/phpmyfaq/src/phpMyFAQ/Helper/QuestionHelper.php b/phpmyfaq/src/phpMyFAQ/Helper/QuestionHelper.php
@@ -19,6 +19,7 @@
 
 use phpMyFAQ\Category;
 use phpMyFAQ\Configuration;
+use phpMyFAQ\Core\Exception;
 use phpMyFAQ\Mail;
 use phpMyFAQ\Question;
 use phpMyFAQ\User;
@@ -53,9 +54,10 @@ public function __construct(Configuration $config, Category $category)
 
     /**
      * @param array $questionData
-     * @param $categories
+     * @param array $categories
+     * @throws Exception
      */
-    public function sendSuccessMail(array $questionData, $categories)
+    public function sendSuccessMail(array $questionData, array $categories): void
     {
         $questionObject = new Question($this->config);
         $questionObject->addQuestion($questionData);