[Web] Fix XSS in app password names

2021-05-07 14:49:21 +02:00 · 2021-05-07 14:49:21 +02:00 · 423ccb9ba9
parent f2ed26f026
commit 423ccb9ba9
2 changed files with 6 additions and 4 deletions
--- a/data/web/inc/functions.app_passwd.inc.php
+++ b/data/web/inc/functions.app_passwd.inc.php
@ -23,7 +23,7 @@ function app_passwd($_action, $_data = null) {
  }
  switch ($_action) {
    case 'add':
-      $app_name = trim($_data['app_name']);
+      $app_name = htmlspecialchars(trim($_data['app_name']));
      $password = $_data['app_passwd'];
      $password2 = $_data['app_passwd2'];
      $active = intval($_data['active']);
@ -94,7 +94,7 @@ function app_passwd($_action, $_data = null) {
          );
          continue;
        }
-        $app_name = trim($app_name);
+        $app_name = htmlspecialchars(trim($app_name));
        if (!empty($password) && !empty($password2)) {
          if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
            $_SESSION['return'][] = array(
@ -198,6 +198,7 @@ function app_passwd($_action, $_data = null) {
        $app_passwd_data = array();
        return false;
      }
+      $app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name']));
      return $app_passwd_data;
    break;
  }
--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@ -177,6 +177,7 @@ jQuery(function($){
        },
        success: function (data) {
          $.each(data, function (i, item) {
+            item.name = escapeHtml(item.name);
            if (acl_data.app_passwds === 1) {
              item.action = '<div class="btn-group">' +
                '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +