* themes: prevent reflected XSS attack when requesting theme_info

NavigateCMS · Nov 28, 2021 · dd2cef6 · dd2cef6
1 parent fabb471
commit dd2cef6
Showing 1 changed file with 15 additions and 1 deletion.
diff --git a/lib/packages/themes/themes.php b/lib/packages/themes/themes.php
@@ -15,7 +15,21 @@ function run()
 	switch($_REQUEST['act'])
 	{
         case 'theme_info':
-            echo '<iframe src="'.NAVIGATE_URL.'/themes/'.$_REQUEST['theme'].'/'.$_REQUEST['theme'].'.info.html'.'" scrolling="auto" frameborder="0"  width="100%" height="100%"></iframe>';
+            $themes_available = $theme->list_available();
+            $found = false;
+            foreach($themes_available as $ta)
+            {
+                if($ta['code'] == $_REQUEST['theme'])
+                {
+                    $found = true;
+                    break;
+                }
+            }
+
+            if($found)
+            {
+                echo '<iframe src="'.NAVIGATE_URL.'/themes/'.$_REQUEST['theme'].'/'.$_REQUEST['theme'].'.info.html'.'" scrolling="auto" frameborder="0"  width="100%" height="100%"></iframe>';
+            }
             core_terminate();
             break;