
Merge pull request #683 from Leantime/sanitationFixes
misc escape issues
marcelfolaron committed Apr 16, 2022
2 parents 34cd54a + c558c6e commit 6c97fd8
Showing 9 changed files with 23 additions and 16 deletions.
Expand Up @@ -104,6 +104,7 @@ class="deleteComment">
</form>

<script type='text/javascript'>
leantime.generalController.initSimpleEditor();
function toggleCommentBoxes(id) {
if (id == 0) {
jQuery('#mainToggler').hide();
2 changes: 1 addition & 1 deletion src/domain/leancanvas/templates/showCanvas.tpl.php
Expand Up @@ -39,7 +39,7 @@
$canvasTitle = $canvasRow["title"];
echo" selected='selected' ";
}
echo">".$canvasRow["title"]."</option>"; ?>
echo">".$this->escape($canvasRow["title"])."</option>"; ?>

<?php } ?>
</select><br />
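Review bot: Only the `<option>` text is escaped by the changed line; the line above it still copies the raw value into `$canvasTitle` (`$canvasTitle = $canvasRow["title"];`), so wherever that variable is printed later, outside this hunk, it needs the same `$this->escape()` treatment. The identical one-line change in showBoards.tpl.php has the same raw `$canvasTitle` assignment next to it. The surrounding PHP loop starts and ends outside the hunk.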
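--- a/src/domain/projects/repositories/class.projects.php
+++ b/src/domain/projects/repositories/class.projects.php
@@ -52,12 +52,6 @@ class projects
 * @access public
 */
 
-private $encryptionMethod = 'AES-256-CBC';
-
-private $secrethash = 'z5xXjI?maCHMGXW2neV8?0T<uD&<N4$j!K/W$V8(q~';
-
-private $iv = '123';
-
 function __construct()
 {
 $config = new core\config();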
4 changes: 2 additions & 2 deletions src/domain/projects/templates/showAll.tpl.php
Expand Up @@ -45,9 +45,9 @@
<tr class='gradeA'>

<td style="padding:6px;">
<?php echo $this->displayLink('projects.changeCurrentProject',$row['name'], array('id' => $row['id'])) ?>
<?php echo $this->displayLink('projects.changeCurrentProject',$this->escape($row['name']), array('id' => $row['id'])) ?>
<td>
<?php echo $this->displayLink('clients.showClient',$row['clientName'], array('id' => $row['clientId']), NULL, true) ?>
<?php echo $this->displayLink('clients.showClient',$this->escape($row['clientName']), array('id' => $row['clientId']), NULL, true) ?>
</td>
<td class="center"><?php if($row['state'] == -1) echo "Closed"; else { echo "Active"; } ?></td>
<td class="center"><?php echo $row['numberOfTickets']; ?></td>
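Review bot: The escaped label is handed to `displayLink()`, whose handling of its text argument is not visible here; if that helper already applies htmlspecialchars, project and client names are now double-encoded (an `&` renders literally as `&amp;`), so confirm it treats the label as pre-escaped HTML before merging. For consistency with the rest of this commit, the raw `<?php echo $row['numberOfTickets']; ?>` on the following context line should also go through `$this->escape()`, even though the value is presumably numeric. The enclosing loop starts and ends outside the hunk.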
2 changes: 1 addition & 1 deletion src/domain/retrospectives/templates/showBoards.tpl.php
Expand Up @@ -38,7 +38,7 @@
$canvasTitle = $canvasRow["title"];
echo" selected='selected' ";
}
echo">".$canvasRow["title"]."</option>";
echo">".$this->escape($canvasRow["title"])."</option>";

?>

2 changes: 1 addition & 1 deletion src/domain/tickets/templates/milestoneDialog.tpl.php
Expand Up @@ -51,7 +51,7 @@
if ($currentMilestone->dependingTicketId == $milestoneRow->id) { echo " selected='selected' ";
}

echo ">" . $milestoneRow->headline . " </option>";
echo ">" . $this->escape($milestoneRow->headline) . " </option>";

}
}
17 changes: 14 additions & 3 deletions src/domain/users/controllers/class.delUser.php
Expand Up @@ -32,14 +32,25 @@ public function run()
//Delete User
if (isset($_POST['del']) === true) {

$userRepo->deleteUser($id);
if(isset($_POST[$_SESSION['formTokenName']]) && $_POST[$_SESSION['formTokenName']] == $_SESSION['formTokenValue']) {

$tpl->setNotification($language->__("notifications.user_deleted"), "success");
$userRepo->deleteUser($id);

$tpl->redirect(BASE_URL."/users/showAll");
$tpl->setNotification($language->__("notifications.user_deleted"), "success");

$tpl->redirect(BASE_URL."/users/showAll");

}else{
$tpl->setNotification($language->__("notification.form_token_incorrect"), 'error');
}

}

//Sensitive Form, generate form tokens
$permitted_chars = '0123456789abcdefghijklmnopqrstuvwxyz';
$_SESSION['formTokenName'] = substr(str_shuffle($permitted_chars), 0, 32);
$_SESSION['formTokenValue'] = substr(str_shuffle($permitted_chars), 0, 32);

//Assign variables
$tpl->assign('user', $user);

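Review bot: The new token check compares with `==`, which evaluates numeric-looking strings numerically and is not timing-safe; it should read `hash_equals((string) $_SESSION['formTokenValue'], (string) $_POST[$_SESSION['formTokenName']])`, guarded by `isset($_SESSION['formTokenName'], $_SESSION['formTokenValue'])` so that a POST arriving before any GET fails cleanly instead of raising an undefined-index notice first. The tokens added at the bottom of the hunk come from `str_shuffle`, which is not a cryptographically secure source and only permutes a 36-character alphabet; `$_SESSION['formTokenName'] = bin2hex(random_bytes(16));` and the same for `formTokenValue` would be the usual choice. Since one `formTokenName`/`formTokenValue` pair lives in the session, opening another sensitive form in a second tab presumably overwrites it and invalidates this one — worth confirming against the other forms that use these keys. `run()` starts and ends outside the hunk.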
1 change: 1 addition & 0 deletions src/domain/users/templates/delUser.tpl.php
Expand Up @@ -20,6 +20,7 @@
<div class="widgetcontent">

<form method="post">
<input type="hidden" name="<?=$_SESSION['formTokenName']?>" value="<?=$_SESSION['formTokenValue']?>" />
<p><?php echo $this->__('text.confirm_user_deletion'); ?></p><br />
<input type="submit" value="<?php echo $this->__('buttons.yes_delete'); ?>" name="del" class="button" />
<a class="btn btn-primary" href="<?=BASE_URL ?>/users/showAll"><?php echo $this->__('buttons.back'); ?></a>
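Review bot: The new hidden input writes `$_SESSION['formTokenName']` and `$_SESSION['formTokenValue']` into attributes with bare `<?= ?>`, while every other change in this commit routes output through `$this->escape()`; the generator in the controller restricts tokens to `[0-9a-z]` today, but the template should not depend on that: `<input type="hidden" name="<?=$this->escape($_SESSION['formTokenName'])?>" value="<?=$this->escape($_SESSION['formTokenValue'])?>" />`. If the template is ever rendered without the controller having set those session keys, this line emits undefined-index notices and a field with an empty name — presumably unreachable outside the delUser controller, but worth confirming. The `<form>` opened in this hunk is closed outside it.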
4 changes: 2 additions & 2 deletions src/domain/users/templates/newUser.tpl.php
Expand Up @@ -121,7 +121,7 @@
<?php } ?>
<?php foreach($this->get('clients') as $client): ?>
<option value="<?php echo $client['id'] ?>" <?php if ($client['id'] == $values['clientId']) : ?>selected="selected"<?php
endif; ?>><?php echo $client['name'] ?></option>
endif; ?>><?php $this->e($client['name']) ?></option>
<?php endforeach; ?>
</select><br/>

Expand Down Expand Up @@ -151,7 +151,7 @@

<?php foreach($this->get('allProjects') as $row){ ?>
<?php if(is_array($projects) === true && in_array($row['id'], $projects) === false) { ?>
<option value="<?php echo $row['id'] ?>"><?php echo $row['name']; ?> / <?php echo $row['clientName']; ?></option>
<option value="<?php echo $row['id'] ?>"><?php $this->e($row['name']); ?> / <?php $this->e($row['clientName']); ?></option>
<?php } ?>
<?php } ?>

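Review bot: The new lines call `$this->e(...)` without `echo`, so the option labels appear only if `e()` prints its result itself, whereas the other templates in this commit use `echo $this->escape(...)`, which returns a string; if `e()` merely returns, both options render with empty labels. Confirm which helper this is and use one form consistently across the commit, e.g. `<?php echo $this->escape($client['name']) ?>`, so the echoing and the returning helper cannot be confused; the same applies to `$row['name']` and `$row['clientName']` in the second hunk. The `<select>` elements enclosing both loops start outside the hunks.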

