[fix] Unescaped user input could lead to XSS attacks.
Thanks to Jake Gordon and the Duke University Security team for finding this.
parent
f12a8ca011
commit
54f988cd45
1
CHANGES
1
CHANGES
|
@ -34,6 +34,7 @@ v2.38 (Unreleased)
|
|||
[misc] Early support for using darktable to import RAWs
|
||||
[misc] Allow photo worker to recover from a failed database connection
|
||||
[fix] Errors upon emptying the trash weren't displayed properly
|
||||
[fix] Unescaped search strings could lead to XSS bugs.
|
||||
|
||||
v2.37.1 (December 3, 2012)
|
||||
|
||||
|
|
|
@ -54,8 +54,9 @@ $folder_id = "";
|
|||
$album_id = "";
|
||||
|
||||
$search_string = isset($_REQUEST['search_string']) ? $_REQUEST['search_string'] : "";
|
||||
$sql_search_string = validate_search_string($search_string);
|
||||
$search_string = htmlentities($search_string);
|
||||
|
||||
$search_string = validate_search_string($search_string);
|
||||
$current_user_id = isset($_REQUEST['current_user']) ? $_REQUEST['current_user'] : $po_user['id'];
|
||||
if ($current_user_id == 'null')
|
||||
$current_user_id = $po_user['id'];
|
||||
|
@ -81,7 +82,7 @@ site_header($strings['generic_search']);
|
|||
|
||||
site_navigator(2);
|
||||
|
||||
$keywords = extract_keywords($search_string, $po_options['search_enable_stemming']);
|
||||
$keywords = extract_keywords($sql_search_string, $po_options['search_enable_stemming']);
|
||||
|
||||
if (!$keywords) {
|
||||
site_navigator_status($strings['search_string'], "");
|
||||
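Review bot: `htmlentities($search_string)` is called with no flags or charset, so on PHP versions before 8.1 the default `ENT_COMPAT` leaves single quotes unescaped and the value stays unsafe inside a single-quoted attribute. Passing both explicitly closes that gap, e.g. `$search_string = htmlentities($search_string, ENT_QUOTES, 'UTF-8');`, with the charset the site actually serves (another file in this commit reads it from `$strings['formats_encoding']`). The same pair of lines is added in the two later search files (the `-55,8 +55,9` and `-68,8 +69,9` hunks) and would need the same change. Where `$search_string` is printed lies outside the hunk, so whether a single-quoted context exists is not confirmed here.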
|
|
|
@ -124,12 +124,14 @@ if (($offset + $limit) > $num_of_matches) {
|
|||
$items = $limit;
|
||||
}
|
||||
|
||||
$search_data = htmlentities($search_data);
|
||||
|
||||
site_navigator_status($strings['search_searched_for']."<strong>$search_data</strong>", $strings['search_displaying'] ." ". display_photo_index_status($offset, $limit, $num_of_matches));
|
||||
|
||||
print " <br/>\n";
|
||||
|
||||
$search_string = "keyword=".$search_data;
|
||||
$search_string_exp = str_replace(" ", "+", $search_string);
|
||||
$search_string = str_replace(" ", "+", $search_string);
|
||||
|
||||
print "<form name=\"photoList\" method=\"post\" action=\"folder.content.php\" accept-charset=\"".$strings['formats_encoding']."\">";
|
||||
print "<input type=\"hidden\" name=\"return\" value=\"".generate_link('tag', $search_data, array('offset'=>$offset))."\"/>";
|
||||
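Review bot: `$search_data` is overwritten with its entity-encoded form and then reused a few lines later in `"keyword=".$search_data` and `generate_link('tag', $search_data, ...)`, which are URL contexts rather than HTML text. A tag containing `&` or `"` would carry `&amp;` or `&quot;` into the link, where the `&` splits the query parameter, unless `generate_link` (not visible here) compensates. Keeping the raw value and escaping only at the print site avoids this: `$search_data_html = htmlentities($search_data, ENT_QUOTES, 'UTF-8');`, used only inside the `<strong>…</strong>` string. The finished link written into the hidden `return` field would then need attribute escaping of its own, if `generate_link` does not already do that.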
|
|
|
@ -55,8 +55,9 @@ $folder_id = "";
|
|||
$album_id = "";
|
||||
|
||||
$search_string = isset($_REQUEST['search_string']) ? $_REQUEST['search_string'] : "";
|
||||
$sql_search_string = validate_search_string($search_string);
|
||||
$search_string = htmlentities($search_string);
|
||||
|
||||
$search_string = validate_search_string($search_string);
|
||||
$current_user_id = isset($_REQUEST['current_user']) ? $_REQUEST['current_user'] : $po_user['id'];
|
||||
if ($current_user_id == 'null')
|
||||
$current_user_id = $po_user['id'];
|
||||
|
@ -84,7 +85,7 @@ site_header($strings['generic_search']);
|
|||
|
||||
site_navigator(2);
|
||||
|
||||
$keywords = extract_keywords($search_string, $po_options['search_enable_stemming']);
|
||||
$keywords = extract_keywords($sql_search_string, $po_options['search_enable_stemming']);
|
||||
|
||||
if (!$keywords) {
|
||||
if (!$master && ($po_options['search_masters_only'] != 'f')) {
|
||||
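Review bot: `$current_user_id` is still taken straight from `$_REQUEST['current_user']` two lines below the newly escaped search string, and nothing in this hunk validates or escapes it. If it is a numeric id, as the fallback to `$po_user['id']` suggests, a cast after the `'null'` check such as `$current_user_id = (int) $current_user_id;` would stop it reaching SQL or HTML as free text. How the value is used further down is outside the hunk, so this needs confirming against the rest of the file. The same lines appear as context in the other two search files of this commit.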
|
|
|
@ -68,8 +68,9 @@ function build_users_search_string($search_string, $identifier) {
|
|||
}
|
||||
|
||||
$search_string = isset($_REQUEST['search_string']) ? $_REQUEST['search_string'] : "";
|
||||
$sql_search_string = validate_search_string($search_string);
|
||||
$search_string = htmlentities($search_string);
|
||||
|
||||
$search_string = validate_search_string($search_string);
|
||||
$current_user_id = isset($_REQUEST['current_user']) ? $_REQUEST['current_user'] : $po_user['id'];
|
||||
if ($current_user_id == 'null')
|
||||
$current_user_id = $po_user['id'];
|
||||
|
@ -86,7 +87,7 @@ site_header($strings['generic_search']);
|
|||
|
||||
site_navigator(2);
|
||||
|
||||
$keywords = extract_keywords($search_string, $po_options['search_enable_stemming']);
|
||||
$keywords = extract_keywords($sql_search_string, $po_options['search_enable_stemming']);
|
||||
|
||||
if (!$keywords) {
|
||||
site_navigator_status($strings['search_string'], "");
|
||||
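Review bot: After this hunk the global `$search_string` holds entity-encoded text, but only the `extract_keywords` call is switched to `$sql_search_string`. The hunk header shows this file also defines `build_users_search_string($search_string, $identifier)` just above, and its call sites are outside the hunk. Any call that still passes `$search_string` into query building would now match on `&amp;`-style text instead of what the user typed. It is worth checking those call sites and adding a comment at the assignment, e.g. `// $sql_search_string: validated input for queries; $search_string: HTML-escaped, output only`.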
|
|