Commit a9ca3846 authored by Richard Mansfield's avatar Richard Mansfield

More xss fixes

parent b5912c5e
...@@ -235,10 +235,10 @@ class ArtefactTypeBlog extends ArtefactType { ...@@ -235,10 +235,10 @@ class ArtefactTypeBlog extends ArtefactType {
if (isset($options['viewid'])) { if (isset($options['viewid'])) {
$smarty->assign('artefacttitle', '<a href="' . get_config('wwwroot') . 'view/artefact.php?artefact=' $smarty->assign('artefacttitle', '<a href="' . get_config('wwwroot') . 'view/artefact.php?artefact='
. $this->get('id') . '&view=' . $options['viewid'] . $this->get('id') . '&view=' . $options['viewid']
. '">' . $this->get('title') . '</a>'); . '">' . hsc($this->get('title')) . '</a>');
} }
else { else {
$smarty->assign('artefacttitle', $this->get('title')); $smarty->assign('artefacttitle', hsc($this->get('title')));
} }
$smarty->assign('blockid', $blockid); $smarty->assign('blockid', $blockid);
...@@ -246,7 +246,7 @@ class ArtefactTypeBlog extends ArtefactType { ...@@ -246,7 +246,7 @@ class ArtefactTypeBlog extends ArtefactType {
$smarty->assign('enc_id', json_encode($this->id)); $smarty->assign('enc_id', json_encode($this->id));
$smarty->assign('limit', self::pagination); $smarty->assign('limit', self::pagination);
$smarty->assign('loading_img', theme_get_url('images/loading.gif')); $smarty->assign('loading_img', theme_get_url('images/loading.gif'));
$smarty->assign('description', $this->get('description')); $smarty->assign('description', clean_html($this->get('description')));
// Remove unnecessary options for blog posts // Remove unnecessary options for blog posts
unset($options['hidetitle']); unset($options['hidetitle']);
...@@ -469,15 +469,15 @@ class ArtefactTypeBlogPost extends ArtefactType { ...@@ -469,15 +469,15 @@ class ArtefactTypeBlogPost extends ArtefactType {
if (isset($options['viewid'])) { if (isset($options['viewid'])) {
$smarty->assign('artefacttitle', '<a href="' . get_config('wwwroot') . 'view/artefact.php?artefact=' $smarty->assign('artefacttitle', '<a href="' . get_config('wwwroot') . 'view/artefact.php?artefact='
. $this->get('id') . '&view=' . $options['viewid'] . $this->get('id') . '&view=' . $options['viewid']
. '">' . $this->get('title') . '</a>'); . '">' . hsc($this->get('title')) . '</a>');
} }
else { else {
$smarty->assign('artefacttitle', $this->get('title')); $smarty->assign('artefacttitle', hsc($this->get('title')));
} }
} }
// We need to make sure that the images in the post have the right viewid associated with them // We need to make sure that the images in the post have the right viewid associated with them
$postcontent = $this->get('description'); $postcontent = clean_html($this->get('description'));
if (isset($options['viewid'])) { if (isset($options['viewid'])) {
safe_require('artefact', 'file'); safe_require('artefact', 'file');
$postcontent = ArtefactTypeFolder::append_view_url($postcontent, $options['viewid']); $postcontent = ArtefactTypeFolder::append_view_url($postcontent, $options['viewid']);
...@@ -612,6 +612,7 @@ class ArtefactTypeBlogPost extends ArtefactType { ...@@ -612,6 +612,7 @@ class ArtefactTypeBlogPost extends ArtefactType {
foreach ($result as &$post) { foreach ($result as &$post) {
$post->ctime = format_date($post->ctime, 'strftimedaydatetime'); $post->ctime = format_date($post->ctime, 'strftimedaydatetime');
$post->mtime = format_date($post->mtime); $post->mtime = format_date($post->mtime);
$post->description = clean_html($post->description);
} }
} }
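Review bot: `$options['viewid']` is still concatenated unescaped into the `view/artefact.php` href on the line after the `artefacttitle` assignment, and again in the matching ArtefactTypeBlogPost hunk, while only the title was wrapped in `hsc()`. If the caller guarantees viewid is an integer this is harmless, but nothing in the hunk shows that, so either cast it, `. $this->get('id') . '&view=' . (int) $options['viewid']`, or pass it through `hsc()` like the title. In the third hunk the `clean_html()` output is then handed to `ArtefactTypeFolder::append_view_url()`, so whatever that helper inserts is not filtered; if it only adds internally built URLs, a one-line comment saying so would document why the order is safe. Both render methods start and end outside these hunks.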
......
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
{foreach from=$attachments item=item} {foreach from=$attachments item=item}
<tr class="r{cycle values=1,0}"> <tr class="r{cycle values=1,0}">
<td style="width: 22px;"><img src="{$item->iconpath|escape}" alt=""></td> <td style="width: 22px;"><img src="{$item->iconpath|escape}" alt=""></td>
<td><a href="{$item->viewpath|escape}">{$item->title}</a> ({$item->size}) - <strong><a href="{$item->downloadpath|escape}">{str tag=Download section=artefact.file}</a></strong> <td><a href="{$item->viewpath|escape}">{$item->title|escape}</a> ({$item->size}) - <strong><a href="{$item->downloadpath|escape}">{str tag=Download section=artefact.file}</a></strong>
<br><strong>{$item->description|escape}</strong></td> <br><strong>{$item->description|escape}</strong></td>
</tr> </tr>
{/foreach} {/foreach}
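Review bot: `{$item->size}` on the same `<td>` line as the newly escaped `{$item->title|escape}` is still emitted raw. It is presumably a number or a pre-formatted size string, in which case escaping is a no-op, but the template cannot know that and every other variable in this row now goes through `|escape`; `({$item->size|escape})` keeps the row uniform.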
......
...@@ -74,7 +74,7 @@ class PluginBlocktypeImage extends PluginBlocktype { ...@@ -74,7 +74,7 @@ class PluginBlocktypeImage extends PluginBlocktype {
$description = (is_a($image, 'ArtefacttypeImage')) ? $image->get('description') : $image->get('title'); $description = (is_a($image, 'ArtefacttypeImage')) ? $image->get('description') : $image->get('title');
if (!empty($configdata['showdescription']) && $description) { if (!empty($configdata['showdescription']) && $description) {
$result .= '<p>' . $description . '</p>'; $result .= '<p>' . hsc($description) . '</p>';
} }
$result .= '</div>'; $result .= '</div>';
} }
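Review bot: The guard `&& $description` in front of the new `hsc($description)` line tests truthiness, so a description consisting solely of `0` is silently dropped even when `showdescription` is set. Since `get('description')` may also return null, `$description !== null && $description !== ''` expresses the intended check without that gap. The enclosing render method starts and ends outside the hunk.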
......
<table> <table>
{foreach from=$fields key='field' item='value'} {foreach from=$fields key='field' item='value'}
<tr> <tr>
<td>{$field}</td> <td>{$field|escape}</td>
<td>{$value}</td> <td>{$value|escape}</td>
</tr> </tr>
{/foreach} {/foreach}
</table> </table>
...@@ -5,7 +5,7 @@ ...@@ -5,7 +5,7 @@
<h2> <h2>
<a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle|escape}</a>{if $ownername} {str tag=by section=view} <a href="{$WWWROOT}view/view.php?id={$viewid}">{$viewtitle|escape}</a>{if $ownername} {str tag=by section=view}
<a href="{$WWWROOT}{$ownerlink}">{$ownername|escape}</a>{/if}{foreach from=$artefactpath item=a}: <a href="{$WWWROOT}{$ownerlink}">{$ownername|escape}</a>{/if}{foreach from=$artefactpath item=a}:
{if $a.url}<a href="{$a.url}">{/if}{$a.title}{if $a.url}</a>{/if} {if $a.url}<a href="{$a.url}">{/if}{$a.title|escape}{if $a.url}</a>{/if}
{/foreach} {/foreach}
</h2> </h2>
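Review bot: `{$a.url}` in the `href` on the line where `{$a.title|escape}` was added is still unescaped, as is `{$ownerlink}` on the line above, while `$viewtitle` and `$ownername` are escaped. The artefact path entries are most likely built server-side from ids, but both sit in attribute context and the attachments template in this same commit escapes its `viewpath`/`downloadpath`, so `<a href="{$a.url|escape}">` and `<a href="{$WWWROOT}{$ownerlink|escape}">` would make the header consistent.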
......