Prevent XSS through RSS feed links
cedric-anne authored and trasher committed Nov 3, 2022
1 parent 6f208f1 commit 071c4ea
Showing 2 changed files with 11 additions and 10 deletions.
19 changes: 10 additions & 9 deletions src/RSSFeed.php
Expand Up @@ -36,6 +36,7 @@
use Glpi\Application\View\TemplateRenderer;
use Glpi\RichText\RichText;
use Glpi\Toolbox\Sanitizer;
use Glpi\Toolbox\URL;

// $feed = new SimplePie();
// $feed->set_cache_location('../files/_rss');
Expand Down Expand Up @@ -853,7 +854,7 @@ public function showFeedContent()
foreach ($feed->get_items(0, $this->fields['max_items']) as $item) {
$rss_feed['items'][] = [
'title' => $item->get_title(),
'link' => $item->get_permalink(),
'link' => URL::sanitizeURL($item->get_permalink()),
'timestamp' => Html::convDateTime($item->get_date('Y-m-d H:i:s')),
'content' => $item->get_content()
];
Expand Down Expand Up @@ -897,7 +898,7 @@ public function showDiscoveredFeeds()
$newurl = $f->url;
$newfeed = self::getRSSFeed($newurl);
if ($newfeed && !$newfeed->error()) {
$link = $newfeed->get_permalink();
$link = URL::sanitizeURL($newfeed->get_permalink());
if (!empty($link)) {
echo "<a href='$newurl'>" . $newfeed->get_title() . "</a>&nbsp;";
Html::showSimpleForm(
Expand Down Expand Up @@ -1071,21 +1072,21 @@ public static function showListForCentral(bool $personal = true, bool $display =
$output .= "<tr class='tab_bg_1'><td>";
$output .= Html::convDateTime($item->get_date('Y-m-d H:i:s'));
$output .= "</td><td>";
$link = $item->feed->get_permalink();
if (empty($link)) {
$feed_link = URL::sanitizeURL($item->feed->get_permalink());
if (empty($feed_link)) {
$output .= $item->feed->get_title();
} else {
$output .= "<a target='_blank' href='$link'>" . $item->feed->get_title() . '</a>';
$output .= '<a target="_blank" href="' . htmlspecialchars($feed_link) . '">' . $item->feed->get_title() . '</a>';
}
$link = $item->get_permalink();

$item_link = URL::sanitizeURL($item->get_permalink());
$rand = mt_rand();
$output .= "<div id='rssitem$rand'>";
if (!is_null($link)) {
$output .= "<a target='_blank' href='$link'>";
if (!empty($item_link)) {
$output .= '<a target="_blank" href="' . htmlspecialchars($item_link) . '">';
}
$output .= $item->get_title();
if (!is_null($link)) {
if (!empty($item_link)) {
$output .= "</a>";
}
$output .= "</div>";
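Review bot: In the showDiscoveredFeeds hunk the sanitised `$link` is only used for the emptiness test; the anchor on the following line still interpolates `$newurl` unescaped (`echo "<a href='$newurl'>"`), so the URL that actually reaches the page is not covered by this change. `$newurl` is taken from `$f->url`, which appears to come from feed discovery rather than trusted configuration, so it should go through the same path, and since the attribute is single-quoted the escaping needs `ENT_QUOTES` on PHP versions before 8.1: `echo "<a href='" . htmlspecialchars(URL::sanitizeURL($newurl), ENT_QUOTES) . "'>" . $newfeed->get_title() . "</a>&nbsp;";`. The same consideration applies to the showListForCentral hunk, where `$item->feed->get_title()` and `$item->get_title()` are concatenated into `$output` without escaping while the hrefs now are — unless get_title() is already HTML-safe in this setup, which the hunk does not show. Both showDiscoveredFeeds and showListForCentral start and end outside the hunks.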
2 changes: 1 addition & 1 deletion templates/components/rss_feed.html.twig
Expand Up @@ -45,7 +45,7 @@
<tr class="tab_bg_1">
<td>{{ rss_item.timestamp }}</td>
<td>
{% if rss_item.link is defined and rss_item.link is not null %}
{% if rss_item.link is not empty %}
<a target="_blank" href="{{ rss_item.link }}">{{ rss_item.title }}</a>
{% else %}
{{ rss_item.title }}
