Add security fixes from 1.11.x

4 years ago · b9a58417c1
parent 806785dfb6
commit b9a58417c1
5 changed files with 18 additions and 12 deletions
--- a/public/main/admin/export_certificates.php
+++ b/public/main/admin/export_certificates.php
@ -3,6 +3,7 @@

 $cidReset = true;
 require_once __DIR__.'/../inc/global.inc.php';
+api_protect_admin_script(true);
 Display::display_header(null);

 $form = new FormValidator('export_certificate');
--- a/public/main/inc/lib/api.lib.php
+++ b/public/main/inc/lib/api.lib.php
@ -7358,7 +7358,7 @@ function api_get_protocol()
 */
 function api_get_origin()
 {
-    return isset($_REQUEST['origin']) ? Security::remove_XSS($_REQUEST['origin']) : '';
+    return isset($_REQUEST['origin']) ? urlencode(Security::remove_XSS(urlencode($_REQUEST['origin']))) : '';
 }

 /**
--- a/public/main/inc/lib/nusoap/class.wsdl.php
+++ b/public/main/inc/lib/nusoap/class.wsdl.php
@ -762,6 +762,8 @@ class wsdl extends nusoap_base
 			$this->setError("Neither _SERVER nor HTTP_SERVER_VARS is available");
 		}

+		$url = '<a href="'.$PHP_SELF.'?wsdl">WSDL</a>';
+        $url = Security::remove_XSS($url);
 		$b = '
 		<html><head><title>NuSOAP: '.$this->serviceName.'</title>
 		<style type="text/css">
@ -842,7 +844,7 @@ class wsdl extends nusoap_base
 			<br><br>
 			<div class=title>'.$this->serviceName.'</div>
 			<div class=nav>
-				<p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
+				<p>View the '.$url.' for the service.
 				Click on an operation name to view it&apos;s details.</p>
 				<ul>';
 				foreach($this->getOperations() as $op => $data){
@ -852,13 +854,13 @@ class wsdl extends nusoap_base
 				    <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
 				    foreach($data as $donnie => $marie){ // loop through opdata
 						if($donnie == 'input' || $donnie == 'output'){ // show input/output data
-						    $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
+						    $b .= Security::remove_XSS("<font color='white'>".ucfirst($donnie).':</font><br>');
 						    foreach($marie as $captain => $tenille){ // loop through data
 								if($captain == 'parts'){ // loop thru parts
 								    $b .= "&nbsp;&nbsp;$captain:<br>";
 					                //if(is_array($tenille)){
 								    	foreach($tenille as $joanie => $chachi){
-											$b .= "&nbsp;&nbsp;&nbsp;&nbsp;$joanie: $chachi<br>";
+											$b .= Security::remove_XSS("&nbsp;&nbsp;&nbsp;&nbsp;$joanie: $chachi<br>");
 								    	}
 					        		//}
 								} else {
@ -866,7 +868,7 @@ class wsdl extends nusoap_base
 								}
 						    }
 						} else {
-						    $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
+						    $b .= Security::remove_XSS("<font color='white'>".ucfirst($donnie).":</font> $marie<br>");
 						}
 				    }
 					$b .= '</div>';
--- a/public/main/permissions/roles.php
+++ b/public/main/permissions/roles.php
@ -1,6 +1,9 @@
 <?php

 require '../inc/global.inc.php';
+
+api_protect_course_script();
+
 require_once 'permissions_functions.inc.php';
 require_once 'all_permissions.inc.php';

--- a/public/main/work/work.lib.php
+++ b/public/main/work/work.lib.php
@ -1248,7 +1248,7 @@ function getWorkListStudent(
                $where_condition
            ";

-    $sql .= " ORDER BY $column $direction ";
+    $sql .= " ORDER BY `$column` $direction ";

    if (!empty($start) && !empty($limit)) {
        $sql .= " LIMIT $start, $limit";
@ -1449,7 +1449,7 @@ function getAllWorkListStudent(
                $where
            ";

-    $sql .= " ORDER BY $column $direction ";
+    $sql .= " ORDER BY `$column` $direction ";

    if (!empty($start) && !empty($limit)) {
        $sql .= " LIMIT $start, $limit";
@ -1614,7 +1614,7 @@ function getWorkListTeacher(
                    parent_id = 0 AND
                    post_group_id = $groupIid
                    $where_condition
-                ORDER BY $column $direction
+                ORDER BY `$column` $direction
                LIMIT $start, $limit";
        $result = Database::query($sql);*/

@ -1852,7 +1852,7 @@ function get_work_user_list_from_documents(
        return $result['count'];
    }

-    $sql .= " ORDER BY $column $direction";
+    $sql .= " ORDER BY `$column` $direction";
    $sql .= " LIMIT $start, $limit";

    $result = Database::query($sql);
@ -2117,7 +2117,7 @@ function get_work_user_list(
                    $whereCondition
                    $condition_session
                    AND u.status != ".INVITEE."
-                ORDER BY $column $direction";
+                ORDER BY `$column` $direction";

        if (!empty($start) && !empty($limit)) {
            $sql .= " LIMIT $start, $limit";
@ -2647,7 +2647,7 @@ function getAllWork(
                $statusCondition
                AND u.status != ".INVITEE;

-    $sql .= " ORDER BY $column $direction ";
+    $sql .= " ORDER BY `$column` $direction ";

    if (!empty($start) && !empty($limit)) {
        $sql .= " LIMIT $start, $limit";
@ -5805,7 +5805,7 @@ function getWorkUserList($courseCode, $sessionId, $groupId, $start, $limit, $sid

        if (!empty($sidx) && !empty($sord)) {
            if (in_array($sidx, ['firstname', 'lastname'])) {
-                $orderBy = "ORDER BY $sidx $sord";
+                $orderBy = "ORDER BY `$sidx` $sord";
            }
        }