[svn r20500] Fixing security vulnerabilities in the announcement, wiki and project tools - partial FS#4134

skala
Cristian Fasanando 16 years ago
parent 13a6fa7005
commit 37f46dc98e
  1. 22
      main/announcements/announcements.php
  2. 25
      main/blog/blog.php
  3. 4
      main/wiki/index.php

@ -1,4 +1,4 @@
<?php //$Id: announcements.php 20442 2009-05-10 08:24:45Z ivantcholakov $
<?php //$Id: announcements.php 20500 2009-05-11 21:41:20Z cfasanando $
/*
==============================================================================
Dokeos - elearning and course management software
@ -155,11 +155,15 @@ require_once(api_get_path(LIBRARY_PATH) . '/fckeditor/fckeditor.php');
POST TO
-----------------------------------------------------------
*/
$safe_emailTitle = Security::remove_XSS($_POST['emailTitle']);
$safe_newContent = Security::remove_XSS($_POST['newContent'],COURSEMANAGER);
if (!empty($_POST['To']))
{
$display_form = true;
$form_elements= array ('emailTitle'=>$_POST['emailTitle'], 'newContent'=>$_POST['newContent'], 'id'=>$_POST['id'], 'emailoption'=>$_POST['email_ann']);
$form_elements= array ('emailTitle'=>$safe_emailTitle, 'newContent'=>$safe_newContent, 'id'=>$_POST['id'], 'emailoption'=>$_POST['email_ann']);
$_SESSION['formelements']=$form_elements;
$form_elements = $_SESSION['formelements'];
@ -511,8 +515,8 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
*/
//if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) {
$emailTitle=(!empty($_POST['emailTitle'])?$_POST['emailTitle']:'');
$newContent=(!empty($_POST['newContent'])?$_POST['newContent']:'');
$emailTitle=(!empty($_POST['emailTitle'])?$safe_emailTitle:'');
$newContent=(!empty($_POST['newContent'])?$safe_newContent:'');
$submitAnnouncement=isset($_POST['submitAnnouncement'])?$_POST['submitAnnouncement']:0;
$id = 0;
@ -541,10 +545,10 @@ if (api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_ed
$result = api_sql_query("SELECT MAX(display_order) FROM $tbl_announcement WHERE session_id=".intval($_SESSION['id_session'])." OR session_id=0",__FILE__,__LINE__);
list($orderMax) = Database::fetch_row($result);
$order = $orderMax + 1;
if (!empty($_SESSION['toolgroup'])) {
$insert_id=store_advalvas_group_item($_POST['emailTitle'],$_POST['newContent'],$order,array('GROUP:'.$_SESSION['toolgroup']),$_POST['selectedform']);
if (!empty($_SESSION['toolgroup'])) {
$insert_id=store_advalvas_group_item($safe_emailTitle,$safe_newContent,$order,array('GROUP:'.$_SESSION['toolgroup']),$_POST['selectedform']);
} else {
$insert_id=store_advalvas_item($_POST['emailTitle'],$_POST['newContent'],$order,$_POST['selectedform']);
$insert_id=store_advalvas_item($safe_emailTitle,$safe_newContent,$order,$_POST['selectedform']);
}
store_resources($_SESSION['source_type'],$insert_id);
$_SESSION['select_groupusers']="hide";
@ -1045,7 +1049,7 @@ if ($display_form == true) {
'.get_lang('EmailAddress').'
</div>
<div class="formw">
<input type="text" name="emailsAdd" value="'.$emails_add.'" size="52">(Comma separated for multiple)
<input type="text" name="emailsAdd" value="'.Security::remove_XSS($emails_add).'" size="52">(Comma separated for multiple)
</div>
</div>';
echo ' <div class="row">
@ -1066,7 +1070,7 @@ if ($display_form == true) {
</div>
<div class="formw">
<input type="text" id="emailTitle" name="emailTitle" value="'.$title_to_modify.'" size="60">
<input type="text" id="emailTitle" name="emailTitle" value="'.Security::remove_XSS($title_to_modify).'" size="60">
</div>
</div>';
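Review bot: In `value="'.Security::remove_XSS($title_to_modify).'"` (and the `emailsAdd` input in the hunk above it) the value is placed inside a double-quoted HTML attribute, and a tag/script blacklist filter is the wrong primitive for that context: unless remove_XSS also encodes `"`, a title such as `x" onfocus="alert(1)` still closes the attribute. Attribute output should be escaped with `htmlspecialchars($title_to_modify, ENT_QUOTES, 'UTF-8')` (and likewise for `$emails_add`), leaving remove_XSS for the stored rich-text body where markup is deliberately allowed. In the store hunk, `$_POST['id']`, `$_POST['selectedform']` and `$_POST['email_ann']` are still passed through untouched next to the sanitised title and content; the id at least should be cast with `intval()` the way the session id already is on the `SELECT MAX(display_order)` line. Whether store_advalvas_item and store_advalvas_group_item escape their arguments for SQL is not visible here, and remove_XSS does not do that job, so it should be confirmed in those helpers.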

@ -75,34 +75,41 @@ $current_page = $_GET['action'];
PROCESSING
==============================================================================
*/
$safe_post_title = Security::remove_XSS($_POST['post_title']);
$safe_post_file_comment = Security::remove_XSS($_POST['post_file_comment']);
$safe_post_full_text = Security::remove_XSS($_POST['post_full_text']);
$safe_comment_text = Security::remove_XSS($_POST['comment_text']);
$safe_comment_title = Security::remove_XSS($_POST['comment_title']);
$safe_task_name = Security::remove_XSS($_POST['task_name']);
$safe_task_description = Security::remove_XSS($_POST['task_description']);
if (!empty($_POST['new_post_submit']) AND !empty($_POST['post_title']))
{
$safe_post_title = Security::remove_XSS($_POST['post_title']);
$safe_post_file_comment = Security::remove_XSS($_POST['post_file_comment']);
Blog :: create_post($safe_post_title, $_POST['post_full_text'], $safe_post_file_comment,$blog_id);
Blog :: create_post($safe_post_title, $safe_post_full_text, $safe_post_file_comment,$blog_id);
$return_message = array('type' => 'confirmation', 'message' => get_lang('BlogAdded'));
}
if (!empty($_POST['edit_post_submit']))
{
$safe_post_title = Security::remove_XSS($_POST['post_title']);
Blog :: edit_post($_POST['post_id'], $safe_post_title, $_POST['post_full_text'], $blog_id);
$safe_post_title = Security::remove_XSS($_POST['post_title']);
Blog :: edit_post($_POST['post_id'], $safe_post_title, $safe_post_full_text, $blog_id);
$return_message = array('type' => 'confirmation', 'message' => get_lang('BlogEdited'));
}
if (!empty($_POST['new_comment_submit']))
{
Blog :: create_comment($_POST['comment_title'], $_POST['comment_text'], $_POST['post_file_comment'],$blog_id, (int)$_GET['post_id'], $_POST['comment_parent_id']);
Blog :: create_comment($safe_comment_title, $safe_comment_text, $safe_post_file_comment,$blog_id, (int)$_GET['post_id'], $_POST['comment_parent_id']);
$return_message = array('type' => 'confirmation', 'message' => get_lang('CommentAdded'));
}
if (!empty($_POST['new_task_submit']))
{
Blog :: create_task($blog_id, $_POST['task_name'], $_POST['task_description'], $_POST['chkArticleDelete'], $_POST['chkArticleEdit'], $_POST['chkCommentsDelete'], $_POST['task_color']);
Blog :: create_task($blog_id, $safe_task_name, $safe_task_description, $_POST['chkArticleDelete'], $_POST['chkArticleEdit'], $_POST['chkCommentsDelete'], $_POST['task_color']);
$return_message = array('type' => 'confirmation', 'message' => get_lang('TaskCreated'));
}
if (isset($_POST['edit_task_submit']))
{
Blog :: edit_task($_POST['blog_id'], $_POST['task_id'], $_POST['task_name'], $_POST['task_description'], $_POST['chkArticleDelete'], $_POST['chkArticleEdit'],$_POST['chkCommentsDelete'], $_POST['task_color']);
Blog :: edit_task($_POST['blog_id'], $_POST['task_id'], $safe_task_name, $safe_task_description, $_POST['chkArticleDelete'], $_POST['chkArticleEdit'],$_POST['chkCommentsDelete'], $_POST['task_color']);
$return_message = array('type' => 'confirmation', 'message' => get_lang('TaskEdited'));
}
if (!empty($_POST['assign_task_submit']))
@ -118,7 +125,7 @@ if (isset($_POST['assign_task_edit_submit']))
}
if (!empty($_POST['new_task_execution_submit']))
{
Blog :: create_comment($_POST['comment_title'], $_POST['comment_text'], $blog_id, (int)$_GET['post_id'], $_POST['comment_parent_id'], $_POST['task_id']);
Blog :: create_comment($safe_comment_title, $safe_comment_text, $blog_id, (int)$_GET['post_id'], $_POST['comment_parent_id'], $_POST['task_id']);
$return_message = array('type' => 'confirmation', 'message' => get_lang('CommentCreated'));
}
if (!empty($_POST['register']))
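Review bot: The rewritten `Blog :: create_comment`, `create_task` and `edit_task` calls still pass `$_POST['post_id']`, `$_POST['comment_parent_id']`, `$_POST['task_id']`, `$_POST['blog_id']` and `$_POST['task_color']` unfiltered while only the free-text fields were wrapped in remove_XSS; the ids should be cast the way `(int)$_GET['post_id']` already is on the same line, e.g. `(int)$_POST['comment_parent_id']`, and task_color checked against the expected format before it can reach markup or a query. The seven `Security::remove_XSS($_POST[...])` lines added at the top of the PROCESSING section now run on every request regardless of which submit button was pressed, so each absent key raises an undefined-index notice; guard them as `isset($_POST['post_title']) ? Security::remove_XSS($_POST['post_title']) : ''`. Separately, the two create_comment calls pass a different third argument (`$safe_post_file_comment` in one, `$blog_id` in the other), a discrepancy the patch carries over from the original; one of the two argument lists appears shifted relative to the method signature and is worth checking.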

@ -2530,8 +2530,8 @@ function display_wiki_entry()
}
else
{
$content=$row['content'];
$title=$row['title'];
$content=Security::remove_XSS($row['content'],COURSEMANAGER);
$title= Security::remove_XSS($row['title']);
}
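Review bot: Filtering `$row['content']` and `$row['title']` as they are read covers only this else-branch; the if-branch of the same statement and the remainder of display_wiki_entry lie above the hunk, so any other assignment of `$content` or `$title` in that function still echoes stored markup unfiltered unless it applies the same call, which cannot be confirmed from here. Because the sanitising happens on read rather than at output, a comment such as `// filtered on read, not at storage time: every other read of wiki content/title must do the same` would keep later maintainers from assuming the stored data is clean. If `$title` is later placed in an attribute or the page `<title>`, remove_XSS is not an escape for that context and `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')` should be applied at that point instead.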
