Security: Remove "Security::remove_XSS", fix htmleditor get value

Related:

099ec4117e
pull/2733/head
Julio Montoya 7 years ago
parent b3fa8b01b0
commit d9c37bf1f3
  1. 8
      main/inc/ajax/agenda.ajax.php
  2. 13
      main/inc/lib/formvalidator/Element/HtmlEditor.php
  3. 38
      main/inc/lib/pear/HTML/QuickForm/element.php

@ -1,8 +1,10 @@
<?php <?php
/* For licensing terms, see /license.txt */ /* For licensing terms, see /license.txt */
/** /**
* Responses to AJAX calls. * Responses to AJAX calls.
*/ */
$type = isset($_REQUEST['type']) && in_array($_REQUEST['type'], ['personal', 'course', 'admin']) ? $_REQUEST['type'] : 'personal'; $type = isset($_REQUEST['type']) && in_array($_REQUEST['type'], ['personal', 'course', 'admin']) ? $_REQUEST['type'] : 'personal';
if ($type == 'personal') { if ($type == 'personal') {
@ -28,9 +30,9 @@ switch ($action) {
break; break;
} }
$add_as_announcement = isset($_REQUEST['add_as_annonuncement']) ? $_REQUEST['add_as_annonuncement'] : null; $add_as_announcement = isset($_REQUEST['add_as_annonuncement']) ? $_REQUEST['add_as_annonuncement'] : null;
$title = isset($_REQUEST['title']) ? Security::remove_XSS($_REQUEST['title']) : null; $title = isset($_REQUEST['title']) ? $_REQUEST['title'] : null;
$content = isset($_REQUEST['content']) ? Security::remove_XSS($_REQUEST['content']) : null; $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : null;
$comment = isset($_REQUEST['comment']) ? Security::remove_XSS($_REQUEST['comment']) : null; $comment = isset($_REQUEST['comment']) ? $_REQUEST['comment'] : null;
$userToSend = isset($_REQUEST['users_to_send']) ? $_REQUEST['users_to_send'] : []; $userToSend = isset($_REQUEST['users_to_send']) ? $_REQUEST['users_to_send'] : [];
echo $agenda->addEvent( echo $agenda->addEvent(
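Review bot: With `Security::remove_XSS` gone from `$title`, `$content` and `$comment`, the raw request values go straight into `$agenda->addEvent(...)`, and nothing in this hunk escapes or validates them; the argument list of that call continues outside the hunk. Escaping on output through `getCleanValue()` only covers elements rendered via `HTML_QuickForm_element`, so every other place that prints an agenda event (calendar views, the announcement created when `add_as_annonuncement` is set) has to escape or sanitise the stored HTML itself — worth confirming rather than assuming. The values are also not constrained to strings: `$_REQUEST['title'][]=x` hands an array to `addEvent`; a cheap guard is `$title = isset($_REQUEST['title']) && is_string($_REQUEST['title']) ? $_REQUEST['title'] : null;` (likewise for `content` and `comment`). The parameter name `add_as_annonuncement` is misspelled on both sides of the diff, so a caller sending `add_as_announcement` is silently ignored — pre-existing, but a comment saying it is kept for compatibility would help.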

@ -31,7 +31,7 @@ class HtmlEditor extends HTML_QuickForm_textarea
$config = [] $config = []
) { ) {
if (empty($name)) { if (empty($name)) {
return false; throw new \Exception('Name is required');
} }
parent::__construct($name, $elementLabel, $attributes); parent::__construct($name, $elementLabel, $attributes);
@ -54,9 +54,9 @@ class HtmlEditor extends HTML_QuickForm_textarea
*/ */
public function toHtml() public function toHtml()
{ {
$value = Security::remove_XSS($this->getValue());
if ($this->editor) { if ($this->editor) {
if ($this->editor->getConfigAttribute('fullPage')) { if ($this->editor->getConfigAttribute('fullPage')) {
$value = $this->getValue();
if (strlen(trim($value)) == 0) { if (strlen(trim($value)) == 0) {
// TODO: To be considered whether here to add // TODO: To be considered whether here to add
// language and character set declarations. // language and character set declarations.
@ -70,10 +70,9 @@ class HtmlEditor extends HTML_QuickForm_textarea
return $this->getFrozenHtml(); return $this->getFrozenHtml();
} else { } else {
$styleCss = $this->editor->getConfigAttribute('style'); $styleCss = $this->editor->getConfigAttribute('style');
$style = false;
if ($styleCss) { if ($styleCss) {
$style = true; $style = true;
} else {
$style = false;
} }
return $this->buildEditor($style); return $this->buildEditor($style);
@ -87,7 +86,7 @@ class HtmlEditor extends HTML_QuickForm_textarea
*/ */
public function getFrozenHtml() public function getFrozenHtml()
{ {
return $this->getValue(); return $this->getCleanValue();
} }
/** /**
@ -99,9 +98,9 @@ class HtmlEditor extends HTML_QuickForm_textarea
{ {
$result = ''; $result = '';
if ($this->editor) { if ($this->editor) {
$this->editor->value = Security::remove_XSS($this->getValue()); $this->editor->value = $this->getCleanValue();
$this->editor->setName($this->getName()); $this->editor->setName($this->getName());
if ($style == true) { if ($style === true) {
$result = $this->editor->createHtmlStyle(); $result = $this->editor->createHtmlStyle();
} else { } else {
$result = $this->editor->createHtml(); $result = $this->editor->createHtml();
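Review bot: In `toHtml()` the fullPage branch now reads `$value = $this->getValue();` raw, while the frozen and editor paths were switched to `getCleanValue()`; what that branch does with `$value` after the empty check is outside the hunk, so if it is written into the page there it is the one path left with no escaping at all. If the intent is that fullPage content is a complete HTML document that must not be entity-encoded, say so on that line (`// raw HTML document: must not be entity-encoded here`) so the next reader does not "fix" it. Separately, `getCleanValue()` on the `$this->editor->value` line applies `htmlspecialchars`, which is the right escaper only if `createHtml()`/`createHtmlStyle()` place the value inside a textarea or an HTML attribute; if they embed it in a JavaScript string for the editor config, a JSON/JS escape is required instead — confirm against those methods. The constructor's new `throw new \Exception('Name is required')` would be more precise as `\InvalidArgumentException`, and callers that previously tested the constructor result for `false` need updating.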

@ -253,12 +253,30 @@ class HTML_QuickForm_element extends HTML_Common
*/ */
public function getValue() public function getValue()
{ {
// interface
return null; return null;
} // end func getValue }
// }}} /**
// {{{ freeze() * @return string
*/
public function getCleanValue()
{
$value = $this->cleanValueFromParameter($this->getValue());
return $value;
}
/**
* @param string $value
*
* @return string
*/
public function cleanValueFromParameter($value)
{
$value = @htmlspecialchars($value, ENT_COMPAT, HTML_Common::charset());
return $value;
}
/** /**
* Freeze the element so that only its value is returned * Freeze the element so that only its value is returned
@ -302,12 +320,16 @@ class HTML_QuickForm_element extends HTML_Common
// Modified by Ivan Tcholakov, 16-MAR-2010. // Modified by Ivan Tcholakov, 16-MAR-2010.
//return ('' != $value? htmlspecialchars($value): '&nbsp;') . //return ('' != $value? htmlspecialchars($value): '&nbsp;') .
// $this->_getPersistantData(); // $this->_getPersistantData();
if (!empty($value)) {
$value = $this->getCleanValue();
} else {
$value = '&nbsp;';
}
$value .= $this->_getPersistantData();
$value = ('' != $value ? @htmlspecialchars($value, ENT_COMPAT, HTML_Common::charset()): '&nbsp;') .
$this->_getPersistantData();
return '<span class="freeze">'.$value.'</span>'; return '<span class="freeze">'.$value.'</span>';
// }
} //end func getFrozenHtml
/** /**
* Used by getFrozenHtml() to pass the element's value if _persistantFreeze is on * Used by getFrozenHtml() to pass the element's value if _persistantFreeze is on
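Review bot: The new `getFrozenHtml()` regresses for falsy values: `!empty($value)` treats the string `'0'` as empty and renders `&nbsp;`, whereas the replaced `'' != $value` test printed it; keep the original comparison, `if ('' !== (string) $value) {`. Where `$value` is assigned is above the hunk and not visible, so confirm it still holds `$this->getValue()` at that point. In `cleanValueFromParameter()`, `ENT_COMPAT` leaves single quotes unencoded, so a value a subclass drops into a single-quoted attribute is not neutralised, and the `@` hides the only signal that `htmlspecialchars` hit an invalid byte sequence — in which case it returns an empty string and the value silently vanishes; prefer `$value = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, HTML_Common::charset());`, which closes the quote gap and substitutes U+FFFD instead of blanking. Since subclasses such as `HtmlEditor` now route through `getCleanValue()`, a docblock line stating that this is HTML text/attribute escaping only, not a sanitiser for stored HTML, would set the right expectation.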
