paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Web] Fix XSS in app password names

master
andryyy 2021-05-07 14:49:21 +02:00
parent f2ed26f026
commit 423ccb9ba9
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
data/web/inc/functions.app_passwd.inc.php
View File

@ -23,7 +23,7 @@ function app_passwd($_action, $_data = null) {
} }
switch ($_action) { switch ($_action) {
case 'add': case 'add':
$app_name = trim($_data['app_name']); $app_name = htmlspecialchars(trim($_data['app_name']));
$password = $_data['app_passwd']; $password = $_data['app_passwd'];
$password2 = $_data['app_passwd2']; $password2 = $_data['app_passwd2'];
$active = intval($_data['active']); $active = intval($_data['active']);
@ -94,7 +94,7 @@ function app_passwd($_action, $_data = null) {
); );
continue; continue;
} }
$app_name = trim($app_name); $app_name = htmlspecialchars(trim($app_name));
if (!empty($password) && !empty($password2)) { if (!empty($password) && !empty($password2)) {
if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) { if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
$_SESSION['return'][] = array( $_SESSION['return'][] = array(
@ -198,6 +198,7 @@ function app_passwd($_action, $_data = null) {
$app_passwd_data = array(); $app_passwd_data = array();
return false; return false;
} }
$app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name']));
return $app_passwd_data; return $app_passwd_data;
break; break;
} }

1
data/web/js/site/user.js
View File

@ -177,6 +177,7 @@ jQuery(function($){
}, },
success: function (data) { success: function (data) {
$.each(data, function (i, item) { $.each(data, function (i, item) {
item.name = escapeHtml(item.name);
if (acl_data.app_passwds === 1) { if (acl_data.app_passwds === 1) {
item.action = '<div class="btn-group">' + item.action = '<div class="btn-group">' +
'<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' + '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +