Skip to content

Commit

Permalink
fix: added missing validation of URLs and conversion to HTML entities
Browse files Browse the repository at this point in the history
  • Loading branch information
@thorsten
thorsten committed Feb 14, 2023
1 parent fecc803 commit 5061e58
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 9 deletions.
18 changes: 10 additions & 8 deletions phpmyfaq/admin/news.php
View file
Expand Up @@ -47,7 +47,8 @@

<div class="row">
<div class="col-12">
<form id="faqEditor" name="faqEditor" action="?action=save-news" method="post" novalidate>
<form id="faqEditor" name="faqEditor" action="?action=save-news" method="post" class="needs-validation"
novalidate>

<div class="form-group row">
<label class="col-3 col-form-label" for="newsheader">
Expand Down Expand Up @@ -112,7 +113,7 @@
<div class="form-group row">
<label class="col-3 col-form-label" for="link"><?= $PMF_LANG['ad_news_link_url'] ?></label>
<div class="col-9">
<input class="form-control" type="text" name="link" id="link"
<input class="form-control" type="url" name="link" id="link"
placeholder="http://www.example.com/">
</div>
</div>
Expand Down Expand Up @@ -256,7 +257,8 @@

<div class="row">
<div class="col-12">
<form action="?action=update-news" method="post" accept-charset="utf-8">
<form action="?action=update-news" method="post" accept-charset="utf-8" class="needs-validation"
novalidate>
<input type="hidden" name="id" value="<?= $newsData['id'] ?>">

<div class="form-group row">
Expand Down Expand Up @@ -328,7 +330,7 @@
<div class="form-group row">
<label class="col-3 col-form-label" for="link"><?= $PMF_LANG['ad_news_link_url'] ?></label>
<div class="col-9">
<input type="text" id="link" name="link"
<input type="url" id="link" name="link"
value="<?= Strings::htmlentities($newsData['link']) ?>" class="form-control">
</div>
</div>
Expand Down Expand Up @@ -449,8 +451,8 @@
$email = Filter::filterInput(INPUT_POST, 'authorEmail', FILTER_VALIDATE_EMAIL);
$active = Filter::filterInput(INPUT_POST, 'active', FILTER_UNSAFE_RAW);
$comment = Filter::filterInput(INPUT_POST, 'comment', FILTER_UNSAFE_RAW);
$link = Filter::filterInput(INPUT_POST, 'link', FILTER_SANITIZE_SPECIAL_CHARS);
$linkTitle = Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_SANITIZE_SPECIAL_CHARS);
$link = Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
$linkTitle = Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_SANITIZE_ENCODED);
$newsLang = Filter::filterInput(INPUT_POST, 'langTo', FILTER_UNSAFE_RAW);
$target = Filter::filterInput(INPUT_POST, 'target', FILTER_UNSAFE_RAW);

Expand Down Expand Up @@ -500,8 +502,8 @@
$email = Filter::filterInput(INPUT_POST, 'authorEmail', FILTER_VALIDATE_EMAIL);
$active = Filter::filterInput(INPUT_POST, 'active', FILTER_UNSAFE_RAW);
$comment = Filter::filterInput(INPUT_POST, 'comment', FILTER_UNSAFE_RAW);
$link = Filter::filterInput(INPUT_POST, 'link', FILTER_UNSAFE_RAW);
$linkTitle = Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_UNSAFE_RAW);
$link = Filter::filterInput(INPUT_POST, 'link', FILTER_VALIDATE_URL);
$linkTitle = Filter::filterInput(INPUT_POST, 'linkTitle', FILTER_SANITIZE_ENCODED);
$newsLang = Filter::filterInput(INPUT_POST, 'langTo', FILTER_UNSAFE_RAW);
$target = Filter::filterInput(INPUT_POST, 'target', FILTER_UNSAFE_RAW);

Expand Down
2 changes: 1 addition & 1 deletion phpmyfaq/src/phpMyFAQ/News.php
View file
Expand Up @@ -95,7 +95,7 @@ public function getNews(bool $showArchive = false, bool $active = true): string
$this->pmfLang['msgInfo'],
Strings::htmlentities($item['link']),
$item['target'],
$item['linkTitle']
Strings::htmlentities($item['linkTitle'])
);
}

Expand Down

0 comments on commit 5061e58

Please sign in to comment.