

xss: Dashboard period
This mitigates a vulnerability reported by @indevi0us where XSS is
possible via the `period` parameter. This sanitizes the parameter values
before using them anywhere.
JediKev committed Mar 8, 2023
1 parent 9fb01bc commit 619ce0f
Showing 2 changed files with 12 additions and 18 deletions.
11 changes: 9 additions & 2 deletions include/class.report.php
Expand Up @@ -23,14 +23,21 @@ static function getPermissions() {
class OverviewReport {
var $start;
var $end;
static $end_choices = [
'now' => 'Up to today',
'+7 days' => 'One Week',
'+14 days' => 'Two Weeks',
'+1 month' => 'One Month',
'+3 months' => 'One Quarter'
];

var $format;

function __construct($start, $end='now', $format=null) {
global $cfg;

$this->start = $start;
$this->end = $end;
$this->start = Format::sanitize($start);
$this->end = array_key_exists($end, self::$end_choices) ? $end : 'now';
$this->format = $format ?: $cfg->getDateFormat(true);
}

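Review bot: The new whitelist check `$this->end = array_key_exists($end, self::$end_choices) ? $end : 'now';` is the right shape, but it is not type-safe against request input: if the caller passes the raw `period` parameter and a client sends it as an array (`period[]=...`), `array_key_exists()` throws a TypeError on PHP 8 (a warning and `false` on PHP 7), turning an invalid value into a fatal instead of the intended fallback to `'now'`. A one-line guard keeps the fallback behaviour: `$this->end = (is_string($end) && array_key_exists($end, self::$end_choices)) ? $end : 'now';`. By contrast `$start` only goes through `Format::sanitize()`, which from the name looks like an HTML sanitizer rather than a date validator; how `$start` is consumed is outside the hunk, but if it feeds date parsing the stronger pattern used for `$end` — validate it as a date and fall back — would be preferable to sanitizing at input. The constructor also has no docblock; a short one stating that `$end` must be a key of `self::$end_choices` and otherwise silently falls back to `'now'` would document the new contract. The rest of the class continues outside the hunk.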
19 changes: 3 additions & 16 deletions include/staff/dashboard.inc.php
Expand Up @@ -25,23 +25,10 @@
?>" />
</label>
<label>
<?php echo __( 'period');?>:
<?php echo __('period');?>:
<select name="period">
<option value="now" selected="selected">
<?php echo __( 'Up to today');?>
</option>
<option value="+7 days">
<?php echo __( 'One Week');?>
</option>
<option value="+14 days">
<?php echo __( 'Two Weeks');?>
</option>
<option value="+1 month">
<?php echo __( 'One Month');?>
</option>
<option value="+3 months">
<?php echo __( 'One Quarter');?>
</option>
<?php foreach ($report::$end_choices as $val=>$desc)
echo "<option value='$val'>" . __($desc) . "</option>"; ?>
</select>
</label>
<button class="green button action-button muted" type="submit">
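Review bot: The added loop `echo "<option value='$val'>" . __($desc) . "</option>";` writes both the key and the translated label into HTML without any output encoding, so the template is now only safe because `$end_choices` happens to contain attribute-safe keys; a future key or a translation containing `'`, `<` or `&` would break the markup or reintroduce the class of issue this commit fixes. Escaping at the point of output (`htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`) on both `$val` and the label makes the select robust regardless of what the whitelist holds; if translations are known to already contain entities, pass `double_encode: false`. Separately, the removed markup carried `selected="selected"` on the `now` option; the loop drops it, which is invisible today because `now` is the first key, but the form still never reflects the validated `$report->end` after a submit — assuming `$report` is the `OverviewReport` instance (it is used for `$report::$end_choices`), marking the matching option selected fixes that. The surrounding form markup starts and ends outside the hunk.
```php
<?php foreach ($report::$end_choices as $val=>$desc) {
    $selected = ($val === $report->end) ? ' selected="selected"' : '';
    echo '<option value="' . htmlspecialchars($val, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '"' . $selected . '>'
        . htmlspecialchars(__($desc), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</option>';
} ?>
// … unchanged: closing </select> and </label> …
```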

