Commit e47eea03 authored by Melissa Draper's avatar Melissa Draper Committed by Hugh Davenport

Sanitize links in links and resources menu (bug #1009774)



Links placed in the links and resources list have not been getting
checked and so have been displayed unfiltered to users and other
admins. These user-supplied links are now checked with sanitize_url
which has been extended to convert relative links to absolute.

Change-Id: I679627c4e33621df82705c39e77e7226ffef5a97
Signed-off-by: default avatarMelissa Draper <melissa@catalyst.net.nz>
parent c24ccb84
......@@ -50,16 +50,22 @@ if ($menuitems) {
$r = array();
$r['id'] = $i->id;
$r['name'] = $i->title;
$safeurl = sanitize_url($i->url);
if (empty($i->url) && !empty($i->file)) {
$r['type'] = 'sitefile';
$r['linkedto'] = get_config('wwwroot') . 'artefact/file/download.php?file=' . $i->file;
$r['linktext'] = $i->filename;
$r['file'] = $i->file;
}
else if ($safeurl == '') {
$r['type'] = 'externallink';
$r['linkedto'] = '';
$r['linktext'] = strtoupper(get_string('badurl', 'admin')) . ': ' . $i->url;
}
else if (!empty($i->url) && empty($i->file)) {
$r['type'] = 'externallink';
$r['linkedto'] = $i->url;
$r['linktext'] = $i->url;
$r['linkedto'] = $safeurl;
$r['linktext'] = $safeurl;
}
else {
json_reply('local',get_string('loadmenuitemsfailed','admin'));
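Review bot: The rejected raw value is echoed back in the bad-link branch, `$r['linktext'] = strtoupper(get_string('badurl', 'admin')) . ': ' . $i->url;`, so the unsanitized admin-supplied string still travels to the client in the JSON reply; that is only safe if the JavaScript consumer (outside this hunk) inserts it as text rather than HTML, which is worth confirming or documenting with a comment such as `// raw url is shown as text only; the client must not render it as HTML`. The new `$safeurl == ''` test is a loose comparison; `$safeurl === ''` states the intent and avoids PHP's string/number coercion rules, and the same applies to the new `sanitize_url($linkedto) == ''` check in the save handler hunk and `$safeurl != ''` in the site_menu hunk. Note also that `$safeurl` is computed before the sitefile test, so for an empty url it runs on `''`; sanitize_url may not return `''` for that input (parse_url of an empty string yields an empty path, which the relative-link branch prefixes with wwwroot), so the chain only works because the sitefile branch comes first — computing `$safeurl` only when `$i->url` is non-empty would make that explicit. The enclosing loop starts and ends outside the hunk.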
......
......@@ -49,6 +49,9 @@ else if ($type == 'externallink') {
$data->url = $linkedto;
$data->file = null;
}
else if (sanitize_url($linkedto) == '') {
json_reply('local',get_string('badurl','admin'));
}
else { // Bad menu item type
json_reply('local',get_string('badmenuitemtype','admin'));
}
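Review bot: The new `else if (sanitize_url($linkedto) == '')` branch is unreachable for the case it is meant to guard: an item with `$type == 'externallink'` is already consumed by the preceding branch, which stores `$linkedto` unsanitized in `$data->url`, so the check only ever fires for unknown types and shadows the "bad menu item type" reply. The validation belongs inside the externallink branch, before the assignment, storing the sanitized value rather than the raw input so the menu no longer relies solely on sanitizing at display time. I am assuming json_reply terminates the request, as its use in the final else branch suggests; if it does not, add a `return` after it. The if/else chain begins before the hunk.
```php
else if ($type == 'externallink') {
    $safeurl = sanitize_url($linkedto);
    if ($safeurl === '') {
        json_reply('local', get_string('badurl', 'admin'));
    }
    $data->url = $safeurl;
    $data->file = null;
}
// … unchanged: else branch replying with badmenuitemtype …
```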
......
......@@ -403,6 +403,8 @@ $string['sitefile'] = 'Site file';
$string['adminpublicdirname'] = 'public'; // Name of the directory in which to store public admin files
$string['adminpublicdirdescription'] = 'Files accessible by logged-out users';
$string['badmenuitemtype'] = 'Unknown item type';
$string['badurl'] = 'Bad link provided';
$string['oneormorelinksarebad'] = 'One or more of the links here are bad.';
$string['confirmdeletemenuitem'] = 'Do you really want to delete this item?';
$string['deletingmenuitem'] = 'Deleting item';
$string['deletefailed'] = 'Failed deleting item';
......
......@@ -2540,8 +2540,11 @@ function site_menu() {
if ($menuitems = get_records_array('site_menu','public',(int) !$USER->is_logged_in(),'displayorder')) {
foreach ($menuitems as $i) {
if ($i->url) {
$safeurl = sanitize_url($i->url);
if ($safeurl != '') {
$menu[] = array('name' => $i->title,
'link' => $i->url);
'link' => $safeurl);
}
}
else if ($i->file) {
$menu[] = array('name' => $i->title,
......@@ -3568,9 +3571,15 @@ function sanitize_url($url) {
$parsedurl = parse_url($url);
if (!isset($parsedurl['scheme'])) {
if (isset($parsedurl['path'])) {
$url = get_config('wwwroot') . ltrim($url, '/');
$parsedurl = parse_url($url);
}
else {
return '';
}
if (!in_array($parsedurl['scheme'], array('https', 'http', 'ftp'))) {
}
if (!in_array($parsedurl['scheme'], array('https', 'http', 'ftp', 'mailto'))) {
return '';
}
if (!filter_var($url, FILTER_VALIDATE_URL)) {
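Review bot: The scheme allowlist comparison is case-sensitive and non-strict: parse_url preserves the scheme's case, so `HTTP://example.org` is rejected (fails closed, but breaks legitimate links), while `in_array` without `true` compares loosely. Normalising before the check fixes both: `$scheme = strtolower($parsedurl['scheme']);` and `if (!in_array($scheme, array('https', 'http', 'ftp', 'mailto'), true)) {`. parse_url can also return `false` for malformed input; the code then reads `['scheme']` on a boolean, which still ends in `return ''` but raises a notice on newer PHP, so an explicit `if ($parsedurl === false) { return ''; }` after each parse_url call would be cleaner. The relative-link branch treats an empty path as present (`isset` is true for `''`), so an empty string resolves to wwwroot rather than being rejected; if callers are expected to pass only non-empty urls, a comment saying so would help. The function's signature line and its tail after the filter_var check lie outside the hunk.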
......