

Fix Attachment upload XSS
dvz committed Nov 19, 2022
1 parent 68b7abe commit c3c474a
Showing 3 changed files with 12 additions and 5 deletions.
2 changes: 1 addition & 1 deletion inc/functions_upload.php
Expand Up @@ -823,7 +823,7 @@ function add_attachments($pid, $forumpermissions, $attachwhere, $action=false)
}
else if(isset($attachedfile['aid']) && $mybb->get_input('ajax', MyBB::INPUT_INT) == 1)
{
$ret['success'][] = array($attachedfile['aid'], get_attachment_icon(get_extension($filename)), $filename, get_friendly_size($FILE['size']));
$ret['success'][] = array($attachedfile['aid'], get_attachment_icon(get_extension($filename)), htmlspecialchars_uni($filename), get_friendly_size($FILE['size']));
}
}
}
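Review bot: The new side of the changed line escapes $filename with htmlspecialchars_uni() before it is returned in the ajax success entry, but the same raw $filename still feeds get_attachment_icon(get_extension($filename)) in that entry, and whether that helper escapes the extension it renders is not visible in this hunk and should be confirmed. Escaping at the point where the data is produced also fixes a contract: any client that later inserts this name via textContent will show it double-encoded, so a comment on the new line such as `// filename is pre-escaped for direct HTML insertion by post.js` would make that explicit for the next maintainer. add_attachments starts well before this hunk; if any other branch of it (for example an error entry) returns $filename to the client, it needs the same treatment.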
4 changes: 2 additions & 2 deletions install/resources/mybb_theme.xml
Expand Up @@ -9606,7 +9606,7 @@ if(use_xmlhttprequest == "1")
</table>
</td>
</tr>]]></template>
<template name="post_javascript" version="1827"><![CDATA[
<template name="post_javascript" version="1832"><![CDATA[
<script type="text/javascript">
lang.add_attachment = "{$lang->add_attachment}";
lang.update_attachment = "{$lang->update_attachment}";
Expand All @@ -9622,7 +9622,7 @@ if(use_xmlhttprequest == "1")
php_max_file_uploads = {$php_max_file_uploads};
mybb_max_file_uploads = {$mybb->settings['maxattachments']};
</script>
<script type="text/javascript" src="{$mybb->asset_url}/jscripts/post.js?ver=1827"></script>
<script type="text/javascript" src="{$mybb->asset_url}/jscripts/post.js?ver=1832"></script>
]]></template>
<template name="post_prefixselect_multiple" version="1800"><![CDATA[<select name="threadprefix[]" multiple="multiple" size="5">
<option value="any"{$any_selected}>{$lang->any_prefix}</option>
Expand Down
11 changes: 9 additions & 2 deletions jscripts/post.js
Expand Up @@ -215,8 +215,15 @@ var Post = {
if (Post.fileInput.prop('files').length) {
var common = Post.getCommonFiles();
if (common.length) {
common = '<ul><li>' + common.join('</li><li>') + '</li></ul>';
MyBB.prompt(lang.update_confirm.replace("{1}", common), {
var list = document.createElement('ul');

$.map(common, function (val) {
var e = document.createElement('li');
e.textContent = val;
list.append(e);
});

MyBB.prompt(lang.update_confirm.replace("{1}", list.outerHTML), {
buttons: [
{ title: yes_confirm, value: true },
{ title: no_confirm, value: false }
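Review bot: The list is now built safely through textContent, but on the last changed line list.outerHTML is passed as the string argument of String.prototype.replace, where `$&`, `$'`, `$1` and similar sequences in a filename are interpreted as replacement patterns rather than literal text, so such names are mangled (only with text from lang.update_confirm, not attacker-controlled markup, but still wrong output). Passing a function inserts the value verbatim: `MyBB.prompt(lang.update_confirm.replace("{1}", function () { return list.outerHTML; }), {`. As a point of style, the $.map callback is used only for its side effect and discards the mapped result; `$.each(common, ...)` or `common.forEach(...)` states the intent. The enclosing method of Post begins before and ends after this hunk.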
