From dd97f02834eb7f133edd06ad6a040a54647e4e59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rytis=20Slatkevi=C4=8Dius?=
Date: Thu, 13 Sep 2007 09:46:36 +0000
Subject: [PATCH] - User web: fix XSS vulnerability, web code update recommended
svn path=/trunk/boinc/; revision=13586
---
 checkin_notes | 25 +++++++++++++++++--------
 html/inc/util.inc | 4 ++--
 html/user/forum_text_search_action.php | 9 +++++----
 html/user/user_search_action.php | 5 +++--
 4 files changed, 27 insertions(+), 16 deletions(-)
diff --git a/checkin_notes b/checkin_notes
index 6346193d7b..a96346945a 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -8441,15 +8441,15 @@ David 12 Sept 2007 boinc_api.C David 12 Sept 2007 - - Manager: clean up text in system tray balloon - - Client: use dd-MMM-yyyy format for dates; - mm/dd/yyyy is ambiguous and mixed-endian - Fixes #406 + - Manager: clean up text in system tray balloon + - Client: use dd-MMM-yyyy format for dates; + mm/dd/yyyy is ambiguous and mixed-endian + Fixes #406 - clientgui/ - BOINCTaskBar.cpp - lib/ - str_util.C + clientgui/ + BOINCTaskBar.cpp + lib/ + str_util.C David 13 Sept 2007 - client: restore element on GUI RPC result XML
@@ -8459,3 +8459,12 @@ David 13 Sept 2007
 client/
 app.C
 cpu_sched.C
+
+Rytis 13 Sep 2007
+ - User web: fix XSS vulnerability, web code update recommended
+
+ html/
+ inc/util.inc
+ user/
+ forum_text_search_action.php
+ user_search_action.php
diff --git a/html/inc/util.inc b/html/inc/util.inc
index f112aeb7b9..28ca1a58d7 100644
--- a/html/inc/util.inc
+++ b/html/inc/util.inc
@@ -589,7 +589,7 @@ function get_int($name, $optional=false) {
 if ($optional) {
 return null;
 } else {
- error_page("missing or bad parameter: $name $x");
+ error_page("missing or bad parameter: $name; supplied: ".htmlspecialchars($x));
 }
 }
 return (int)$x;
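Review bot: `htmlspecialchars($x)` is called without a flags argument, which on the PHP of this era means ENT_COMPAT and leaves single quotes unescaped, so the new error_page() message is only safe if error_page() emits the value as element text or inside a double-quoted attribute; `htmlspecialchars($x, ENT_QUOTES)` covers both quoting styles and costs nothing. The same applies to the post_int hunk that follows and to the forum_text_search_action.php and user_search_action.php echoes later in this patch. `$name` is still interpolated raw, which is fine as long as every caller passes a literal parameter name, but where `$x` is read from is not visible in this hunk. get_int begins and ends outside the hunk.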
@@ -602,7 +602,7 @@ function post_int($name, $optional=false) {
 if ($optional) {
 return null;
 } else {
- error_page("missing or bad parameter: $name $x");
+ error_page("missing or bad parameter: $name; supplied: ".htmlspecialchars($x));
 }
 }
 return (int)$x;
diff --git a/html/user/forum_text_search_action.php b/html/user/forum_text_search_action.php
index b01a16b953..094adb8365 100644
--- a/html/user/forum_text_search_action.php
+++ b/html/user/forum_text_search_action.php
@@ -1,4 +1,5 @@ "; } mysql_free_result($result); if ($offset==0 && $n==0) {
- echo sprintf(tr(FORUM_SEARCH_TITLES_NO),$search_string);//"No titles found containing '$search_string'";
+ echo sprintf(tr(FORUM_SEARCH_TITLES_NO),htmlspecialchars($search_string));//"No titles found containing '$search_string'";
 } } else if (isset($_GET['bodies'])) { $what .= 'bodies=1';
- page_head(sprintf(tr(FORUM_SEARCH_BODIES),$search_string));
+ page_head(sprintf(tr(FORUM_SEARCH_BODIES),htmlspecialchars($search_string)));
 $q = "SELECT * FROM post "; $q .= "LEFT JOIN thread ON post.thread = thread.id "; $q .= "WHERE MATCH(post.content) AGAINST ('$search_string_clean') ";
@@ -59,7 +60,7 @@ if (isset($_GET['titles'])) { } mysql_free_result($result); if ($offset==0 && $n==0) {
- echo sprintf(tr(FORUM_SEARCH_BODIES_NO),$search_string);
+ echo sprintf(tr(FORUM_SEARCH_BODIES_NO),htmlspecialchars($search_string));
 } }
diff --git a/html/user/user_search_action.php b/html/user/user_search_action.php
index 7d7d702412..72dbc34838 100644
--- a/html/user/user_search_action.php
+++ b/html/user/user_search_action.php
@@ -1,4 +1,5 @@ =3) { $n=0; while ($user = mysql_fetch_object($result)) { if ($n==0) {
- echo "
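Review bot: The escaping is applied separately at each output site in this file (this "no bodies found" echo, the titles echo and the page_head() call above), so any echo the commit did not touch stays unprotected and each new one must remember the wrapper; since `$search_string` is read once, outside these hunks, computing a display copy there, `$search_string_html = htmlspecialchars($search_string, ENT_QUOTES);`, and using it in every sprintf()/page_head() makes an omission visible as a variable name. That also keeps the display value distinct from `$search_string_clean`, which the context lines interpolate into the AGAINST() clause; how that variable is derived is not visible here, so its SQL escaping should be checked at its assignment. The enclosing if/else on `$_GET['titles']` starts outside this hunk.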

User names starting with '$search_string' $nice_name

\n"; + echo "

User names starting with '".htmlspecialchars($search_string)."' $nice_name

\n"; print_table_header($urls, $nextd); } show_user($user, $n+$offset+1); @@ -105,7 +106,7 @@ if (strlen($search_string)>=3) { echo "\n"; mysql_free_result($result); if (!$n) { - echo "
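Review bot: In the rebuilt heading on the new side, `htmlspecialchars($search_string)` sits directly beside `$nice_name`, which is still interpolated unescaped; if `$nice_name` is built from any request parameter it needs `htmlspecialchars($nice_name)` as well, and if it is a fixed label, a one-line comment at its assignment saying so would settle the question for the next reader. The HTML markup of the echoed string is stripped in this rendering and the hunk header is garbled, so the enclosing `if (strlen($search_string)>=3)` block, the while loop and the assignment of `$nice_name` all begin outside what is visible here.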

No user names found starting with '$search_string'

\n"; + echo "

No user names found starting with '".htmlspecialchars($search_string)."'

\n"; } echo "

\n";