Patch out XSS in edit server (#2471)

hestiacp · Mar 14, 2022 · fd42196 · fd42196
1 parent 91081b0
commit fd42196
Show file tree

Hide file tree

Showing 5 changed files with 5 additions and 1 deletion.
diff --git a/web/edit/db/index.php b/web/edit/db/index.php
@@ -15,6 +15,7 @@
 // Edit as someone else?
 if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
+    $user_plain=htmlentities($_GET['user']);
 }
 
 // List datbase

diff --git a/web/edit/dns/index.php b/web/edit/dns/index.php
@@ -15,6 +15,7 @@
 // Edit as someone else?
 if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
+    $user_plain=htmlentities($_GET['user']);
 }
 
 // List ip addresses

diff --git a/web/edit/mail/index.php b/web/edit/mail/index.php
@@ -15,6 +15,7 @@
 // Edit as someone else?
 if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
+    $user_plain=htmlentities($_GET['user']);
 }
 
 $v_username = $user;

diff --git a/web/edit/web/index.php b/web/edit/web/index.php
@@ -16,6 +16,7 @@
 // Edit as someone else?
 if (($_SESSION['userContext'] === 'admin') && (!empty($_GET['user']))) {
     $user=escapeshellarg($_GET['user']);
+    $user_plain=htmlentities($_GET['user']);
 }
 
 // Get all user domains

diff --git a/web/templates/pages/edit_server.html b/web/templates/pages/edit_server.html
@@ -857,7 +857,7 @@
 									<tr>
 										<td class="vst-text step-top">
 											<?=_('SSL Certificate');?>
-											<span id="generate-csr"> / <a class="generate" target="_blank" href="/generate/ssl/?domain=<?=$v_hostname?>"><?=_('Generate CSR');?></a></span>
+											<span id="generate-csr"> / <a class="generate" target="_blank" href="/generate/ssl/?domain=<?=htmlentities(trim($v_hostname,'"'));?>"><?=_('Generate CSR');?></a></span>
 										</td>
 									</tr>
 									<tr>