From 423ccb9ba93e6d66464584f252fed9cdc1dd3eb8 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Fri, 7 May 2021 14:49:21 +0200
Subject: [PATCH] [Web] Fix XSS in app password names
---
 data/web/inc/functions.app_passwd.inc.php | 9 +++++----
 data/web/js/site/user.js | 1 +
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/data/web/inc/functions.app_passwd.inc.php b/data/web/inc/functions.app_passwd.inc.php
index c4b00260..8c8ad18a 100644
--- a/data/web/inc/functions.app_passwd.inc.php
+++ b/data/web/inc/functions.app_passwd.inc.php
@@ -23,9 +23,9 @@ function app_passwd($_action, $_data = null) {
 }
 switch ($_action) {
 case 'add':
- $app_name = trim($_data['app_name']);
- $password = $_data['app_passwd'];
- $password2 = $_data['app_passwd2'];
+ $app_name = htmlspecialchars(trim($_data['app_name']));
+ $password = $_data['app_passwd'];
+ $password2 = $_data['app_passwd2'];
 $active = intval($_data['active']);
 $domain = mailbox('get', 'mailbox_details', $username)['domain'];
 if (empty($domain)) {
@@ -94,7 +94,7 @@ function app_passwd($_action, $_data = null) {
 );
 continue;
 }
- $app_name = trim($app_name);
+ $app_name = htmlspecialchars(trim($app_name));
 if (!empty($password) && !empty($password2)) {
 if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
 $_SESSION['return'][] = array(
@@ -198,6 +198,7 @@ function app_passwd($_action, $_data = null) {
 $app_passwd_data = array();
 return false;
 }
+ $app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name']));
 return $app_passwd_data;
 break;
 }
diff --git a/data/web/js/site/user.js b/data/web/js/site/user.js
index 0fdec8f9..a40cd145 100644
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -177,6 +177,7 @@ jQuery(function($){
 },
 success: function (data) {
 $.each(data, function (i, item) {
+ item.name = escapeHtml(item.name);
 if (acl_data.app_passwds === 1) {
 item.action = '
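Review bot: The added `htmlspecialchars(trim($_data['app_name']))` in the `'add'` branch (and the same call on `$app_name` in the second hunk, around line 97) HTML-encodes the name before it is stored, so the persisted value is an HTML-escaped string rather than the name the user typed; the correct place for HTML escaping is the output that renders it, once, in the context it is rendered in. Storing the escaped form means any non-HTML consumer of the name (API responses, logs) sees `&amp;`/`&lt;`, and any later escape on the read path turns a name containing `&` into `&amp;amp;`. If input-time encoding is kept deliberately, the flags should at least be explicit, since the defaults differ between PHP versions (single quotes are not escaped before 8.1): `$app_name = htmlspecialchars(trim($_data['app_name']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Where the second hunk's `$app_name` comes from is outside the hunk, so the same concern there is inferred; `app_passwd` begins and ends outside both hunks.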
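Review bot: The new `$app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name']));` on the read path escapes a value that, after this same commit, is already HTML-escaped at write time, and the user.js hunk additionally runs `escapeHtml(item.name)` on the client; a name containing `<`, `>`, `&` or `"` will therefore display double- or triple-encoded rather than as typed. One escape at the final rendering point (the JS `escapeHtml` is the natural place, since the value is inserted into markup there) is sufficient, and it also leaves existing rows that were stored before this fix rendering correctly. This hunk appears to handle a single row (`$app_passwd_data['name']`); if a list-returning branch exists elsewhere in `app_passwd`, it is not covered here and is worth checking. The enclosing `app_passwd` function starts outside the hunk.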
' + ' ' + lang.edit + '' +