More xss fixes from master

b84a5265 · Richard Mansfield · 6015fc31 · b84a5265 · b84a5265 · b84a5265
Commit b84a5265 authored Mar 04, 2009 by Richard Mansfield
--- a/htdocs/artefact/blog/lib.php
+++ b/htdocs/artefact/blog/lib.php
@@ -210,10 +210,10 @@ class ArtefactTypeBlog extends ArtefactType {
        if (isset($options['viewid'])) {
            $smarty->assign('artefacttitle', '<a href="' . get_config('wwwroot') . 'view/artefact.php?artefact='
                                             . $this->get('id') . '&view=' . $options['viewid']
-                                             . '">' . $this->get('title') . '</a>');
+                                             . '">' . hsc($this->get('title')) . '</a>');
        }
        else {
-            $smarty->assign('artefacttitle', $this->get('title'));
+            $smarty->assign('artefacttitle', hsc($this->get('title')));
        }

        $smarty->assign('blockid', $blockid);
@@ -221,7 +221,7 @@ class ArtefactTypeBlog extends ArtefactType {
        $smarty->assign('enc_id', json_encode($this->id));
        $smarty->assign('limit', self::pagination);
        $smarty->assign('loading_img', theme_get_url('images/loading.gif'));
-        $smarty->assign('description', $this->get('description'));
+        $smarty->assign('description', clean_text($this->get('description')));

        // Remove unnecessary options for blog posts
        unset($options['hidetitle']);
@@ -415,15 +415,15 @@ class ArtefactTypeBlogPost extends ArtefactType {
            if (isset($options['viewid'])) {
                $smarty->assign('artefacttitle', '<a href="' . get_config('wwwroot') . 'view/artefact.php?artefact='
                     . $this->get('id') . '&view=' . $options['viewid']
-                     . '">' . $this->get('title') . '</a>');
+                     . '">' . hsc($this->get('title')) . '</a>');
            }
            else {
-                $smarty->assign('artefacttitle', $this->get('title'));
+                $smarty->assign('artefacttitle', hsc($this->get('title')));
            }
        }

        // We need to make sure that the images in the post have the right viewid associated with them
-        $postcontent = $this->get('description');
+        $postcontent = clean_text($this->get('description'));
        if (isset($options['viewid'])) {
            safe_require('artefact', 'file');
            $postcontent = ArtefactTypeFolder::append_view_url($postcontent, $options['viewid']);
@@ -553,6 +553,9 @@ class ArtefactTypeBlogPost extends ArtefactType {
                    $result[$file->blogpost]->files[] = $file;
                }
            }
+            foreach ($result as &$post) {
+                $post->description = clean_text($post->description);
+            }
        }

        return array($count, array_values($result));

--- a/htdocs/artefact/blog/theme/default/render/blogpost_renderfull.tpl
+++ b/htdocs/artefact/blog/theme/default/render/blogpost_renderfull.tpl
@@ -11,7 +11,7 @@
  {foreach from=$attachments item=item}
      <tr class="r{cycle values=1,0}">
        <td style="width: 22px;"><img src="{$item->iconpath|escape}" alt=""></td>
-        <td><a href="{$item->viewpath|escape}">{$item->title}</a> ({$item->size}) - <strong><a href="{$item->downloadpath|escape}">{str tag=Download section=artefact.file}</a></strong>
+        <td><a href="{$item->viewpath|escape}">{$item->title|escape}</a> ({$item->size}) - <strong><a href="{$item->downloadpath|escape}">{str tag=Download section=artefact.file}</a></strong>
        <br><strong>{$item->description|escape}</strong></td>
      </tr>
  {/foreach}

--- a/htdocs/artefact/file/blocktype/image/lib.php
+++ b/htdocs/artefact/file/blocktype/image/lib.php
@@ -71,7 +71,7 @@ class PluginBlocktypeImage extends PluginBlocktype {

            $description = (is_a($image, 'ArtefacttypeImage')) ? $image->get('description') : $image->get('title');
            if (!empty($configdata['showdescription']) && $description) {
-                $result .= '<p>' . $description . '</p>';
+                $result .= '<p>' . hsc($description) . '</p>';
            }
            $result .= '</div>';
        }

--- a/htdocs/artefact/file/theme/default/folder_render_self.tpl
+++ b/htdocs/artefact/file/theme/default/folder_render_self.tpl
@@ -20,7 +20,7 @@
      <tr class="{cycle values=r1,r0}">
        <td><img src="{$child->iconsrc}" border="0" alt="{$child->artefacttype|escape}"></td>
        <td><a href="{$WWWROOT}view/artefact.php?artefact={$child->id|escape}&amp;view={$viewid|escape}" title="{$child->hovertitle}">{$child->title}</a></td>
-        <td>{$child->description}</td>
+        <td>{$child->description|escape}</td>
        {if !$simpledisplay}<td>{$child->date}</td>{/if}
      </tr>
    {/foreach}

--- a/htdocs/artefact/resume/theme/default/fragments/personalinformation.tpl
+++ b/htdocs/artefact/resume/theme/default/fragments/personalinformation.tpl
 <table>
 {foreach from=$fields key='field' item='value'}
    <tr>
-        <td>{$field}</td>
-        <td>{$value}</td>
+        <td>{$field|escape}</td>
+        <td>{$value|escape}</td>
    </tr>
 {/foreach}
 </table>
--- a/htdocs/view/artefact.php
+++ b/htdocs/view/artefact.php
@@ -90,7 +90,7 @@ $artefactpath[] = array(
 $heading = '<a href="' . get_config('wwwroot') . 'view/view.php?id=' . $view->get('id') .'">' . hsc($view->get('title')) . '</a> ' . get_string('by', 'view') . ' <a href="' . get_config('wwwroot') .'user/view.php?id=' . $view->get('owner'). '">' . hsc($view->formatted_owner()) . '</a>';
 foreach ($artefactpath as $item) {
 	if (empty($item['url'])) {
-	    $heading .= ': ' . $item['title'];
+            $heading .= ': ' . hsc($item['title']);
 	}
 	else {
            $heading .= ': <a href="' . $item['url'] . '">' . hsc($item['title']) . '</a>';