sec(Edit/Detail) XSS in picklist fields

tsolucio · Dec 19, 2021 · 4d4ba6b · 4d4ba6b
1 parent ae77352
commit 4d4ba6b
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/include/utils/CommonUtils.php b/include/utils/CommonUtils.php
@@ -1807,7 +1807,7 @@ function setObjectValuesFromRequest($focus) {
 				$value = $_REQUEST[$fieldname];
 			} else {
 				if ($editing) {
-					$value = trim(vt_suppressHTMLTags($_REQUEST[$fieldname], true));
+					$value = trim(vt_suppressHTMLTags(vtlib_purify($_REQUEST[$fieldname]), true));
 				} else {
 					$value = trim($_REQUEST[$fieldname]);
 				}

diff --git a/include/utils/DetailViewUtils.php b/include/utils/DetailViewUtils.php
@@ -146,7 +146,7 @@ function getDetailViewOutputHtml($uitype, $fieldname, $fieldlabel, $col_fields,
 		}
 	} elseif ($uitype == 15) {
 		$label_fld[] = getTranslatedString($fieldlabel, $module);
-		$col_fields[$fieldname] = trim(html_entity_decode($col_fields[$fieldname], ENT_QUOTES, $default_charset));
+		$col_fields[$fieldname] = trim(vt_suppressHTMLTags(vtlib_purify(html_entity_decode($col_fields[$fieldname], ENT_QUOTES, $default_charset))));
 		$label_fld[] = $col_fields[$fieldname];
 		$roleid = $current_user->roleid;
 

diff --git a/include/utils/EditViewUtils.php b/include/utils/EditViewUtils.php
@@ -197,7 +197,7 @@ function getOutputHtml($uitype, $fieldname, $fieldlabel, $maxlength, $col_fields
 			$valueArr = array();
 		}
 		foreach ($valueArr as $key => $value) {
-			$valueArr[$key] = trim(html_entity_decode($value, ENT_QUOTES, $default_charset));
+			$valueArr[$key] = trim(vt_suppressHTMLTags(vtlib_purify(html_entity_decode($value, ENT_QUOTES, $default_charset))));
 		}
 		if ($uitype == 15) {
 			if (!empty($valueArr)) {