Fix XSS vulnerability in package search results and package details.

Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
Lukas Fleischer 2011-03-11 19:15:04 +01:00
parent 7f9e498e48
commit 9b112a56d0
2 changed files with 10 additions and 10 deletions


@ -29,7 +29,7 @@ else {
if ($row["SubmitterUID"]) { if ($row["SubmitterUID"]) {
$submitter = username_from_id($row["SubmitterUID"]); $submitter = username_from_id($row["SubmitterUID"]);
if ($SID) { if ($SID) {
$submitter = '<a href="account.php?Action=AccountInfo&amp;ID=' . $row['SubmitterUID'] . '">' . $submitter . '</a>'; $submitter = '<a href="account.php?Action=AccountInfo&amp;ID=' . htmlspecialchars($row['SubmitterUID'], ENT_QUOTES) . '">' . htmlspecialchars($submitter) . '</a>';
} }
} else { } else {
@ -39,7 +39,7 @@ if ($row["SubmitterUID"]) {
if ($row["MaintainerUID"]) { if ($row["MaintainerUID"]) {
$maintainer = username_from_id($row["MaintainerUID"]); $maintainer = username_from_id($row["MaintainerUID"]);
if ($SID) { if ($SID) {
$maintainer = '<a href="account.php?Action=AccountInfo&amp;ID=' . $row['MaintainerUID'] . '">' . $maintainer . '</a>'; $maintainer = '<a href="account.php?Action=AccountInfo&amp;ID=' . htmlspecialchars($row['MaintainerUID'], ENT_QUOTES) . '">' . htmlspecialchars($maintainer) . '</a>';
} }
} else { } else {
@ -66,8 +66,8 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("r", intval($row[
<div class="pgboxbody"> <div class="pgboxbody">
<p> <p>
<span class='f2'><?php echo $row['Name'] . ' ' . $row['Version'] ?></span><br /> <span class='f2'><?php echo htmlspecialchars($row['Name']) . ' ' . htmlspecialchars($row['Version']) ?></span><br />
<span class='f3'><a href="<?php echo $row['URL'] . '">' . $row['URL'] ?></a></span><br /> <span class='f3'><a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . $row['URL'] ?></a></span><br />
<span class='f3'><?php echo htmlspecialchars($row['Description'], ENT_QUOTES); ?></span> <span class='f3'><?php echo htmlspecialchars($row['Description'], ENT_QUOTES); ?></span>
</p> </p>
@ -79,7 +79,7 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("r", intval($row[
<span class='f3'><?php echo $votes ?></span> <span class='f3'><?php echo $votes ?></span>
</p> </p>
<p><span class='f3'><?php echo __('License') . ': ' . $license ?></span></p> <p><span class='f3'><?php echo __('License') . ': ' . htmlspecialchars($license) ?></span></p>
<p> <p>
<span class='f3'> <span class='f3'>
@ -161,12 +161,12 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("r", intval($row[
if (isset($parsed_url['scheme']) || isset($src[1])) { if (isset($parsed_url['scheme']) || isset($src[1])) {
# It is an external source # It is an external source
echo "<a href=\"" . (isset($src[1]) ? $src[1] : $src[0]) . "\">{$src[0]}</a><br />\n"; echo "<a href=\"" . htmlspecialchars((isset($src[1]) ? $src[1] : $src[0]), ENT_QUOTES) . "\">" . htmlspecialchars($src[0]) . "</a><br />\n";
} }
else { else {
$src = $src[0]; $src = $src[0];
# It is presumably an internal source # It is presumably an internal source
echo "<span class='f8'>$src</span>"; echo "<span class='f8'>" . htmlspecialchars($src) . "</span>";
echo "<br />\n"; echo "<br />\n";
} }
} }
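Review bot: The link text on the URL line of the `@ -66,8` hunk is still the raw `$row['URL']` after the `'">'` concatenation, so only the href half of that line is escaped and a stored URL containing markup still renders as HTML in package details; the line should read `<a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . htmlspecialchars($row['URL']) ?></a>`. Attribute escaping also does not constrain which scheme the href carries, so a URL value with a non-http scheme is still emitted as a clickable link; checking the scheme returned by parse_url() against an allowlist of expected schemes before rendering would close that both here and for the external-source link (`$src[1]`) in the `@ -161,12` hunk. The escaping flags are mixed within the same hunks (ENT_QUOTES on attribute values, default flags and no charset on text nodes); a single helper that always passes ENT_QUOTES and 'UTF-8' would keep the two contexts from drifting apart as the template grows. Each hunk is cut from a larger template, so the enclosing code starts and ends outside the hunks.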


@ -56,8 +56,8 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {
<?php if ($SID): ?> <?php if ($SID): ?>
<td class='<?php print $c ?>'><input type='checkbox' name='IDs[<?php print $row["ID"] ?>]' value='1' /></td> <td class='<?php print $c ?>'><input type='checkbox' name='IDs[<?php print $row["ID"] ?>]' value='1' /></td>
<?php endif; ?> <?php endif; ?>
<td class='<?php print $c ?>'><span class='f5'><span class='blue'><?php print $row["Category"] ?></span></span></td> <td class='<?php print $c ?>'><span class='f5'><span class='blue'><?php print htmlspecialchars($row["Category"]) ?></span></span></td>
<td class='<?php print $c ?>'><span class='f4'><a href='packages.php?ID=<?php print $row["ID"] ?>'><span class='black'><?php print $row["Name"] ?> <?php print $row["Version"] ?></span></a></span></td> <td class='<?php print $c ?>'><span class='f4'><a href='packages.php?ID=<?php print $row["ID"] ?>'><span class='black'><?php print htmlspecialchars($row["Name"]) ?> <?php print htmlspecialchars($row["Version"]) ?></span></a></span></td>
<td class='<?php print $c ?>' style="text-align: right"><span class='f5'><span class='blue'><?php print $row["NumVotes"] ?></span></span></td> <td class='<?php print $c ?>' style="text-align: right"><span class='f5'><span class='blue'><?php print $row["NumVotes"] ?></span></span></td>
<?php if ($SID): ?> <?php if ($SID): ?>
<td class='<?php print $c ?>'><span class='f5'><span class='blue'> <td class='<?php print $c ?>'><span class='f5'><span class='blue'>
@ -77,7 +77,7 @@ for ($i = 0; $row = mysql_fetch_assoc($result); $i++) {
<?php print htmlspecialchars($row['Description'], ENT_QUOTES); ?></span></span></td> <?php print htmlspecialchars($row['Description'], ENT_QUOTES); ?></span></span></td>
<td class='<?php print $c ?>'><span class='f5'><span class='blue'> <td class='<?php print $c ?>'><span class='f5'><span class='blue'>
<?php if (isset($row["Maintainer"])): ?> <?php if (isset($row["Maintainer"])): ?>
<a href='packages.php?K=<?php print $row['Maintainer'] ?>&amp;SeB=m'><?php print $row['Maintainer'] ?></a> <a href='packages.php?K=<?php print htmlspecialchars($row['Maintainer'], ENT_QUOTES) ?>&amp;SeB=m'><?php print htmlspecialchars($row['Maintainer']) ?></a>
<?php else: ?> <?php else: ?>
<span style='color: blue; font-style: italic;'><?php print __("orphan") ?></span> <span style='color: blue; font-style: italic;'><?php print __("orphan") ?></span>
<?php endif; ?> <?php endif; ?>
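Review bot: In the `@ -77,7` hunk the Maintainer value is placed in a query string (`packages.php?K=…`) with only htmlspecialchars(), which is the wrong encoder for that context: `=`, `#` or `?` in the name pass through untouched and `&` is only entity-encoded back to a literal `&`, so such a value would split or truncate the query; URL-encode it first, `<?php print htmlspecialchars(urlencode($row['Maintainer']), ENT_QUOTES) ?>`, and keep the plain htmlspecialchars() call for the visible link text. In the `@ -56,8` hunk `$row["ID"]` (checkbox name and packages.php link) and `$row["NumVotes"]` are still printed raw; they are presumably integer columns, but casting with intval() at the print site would make that assumption explicit and leave no unescaped database value in the row. The `for` loop these rows belong to starts and ends outside the hunks.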