Merge pull request #3526 from Icinga/fix/some-xss-vulnerabilities

Fix some XSS vulnerabilities
2018-07-16 09:58:23 +02:00 · 2018-07-16 09:58:23 +02:00 · 67929064cc
parent 11f1a287ab 84622bf27b
commit 67929064cc
4 changed files with 6 additions and 6 deletions
--- a/application/layouts/scripts/body.phtml
+++ b/application/layouts/scripts/body.phtml
@ -46,7 +46,7 @@ if ($this->layout()->inlineLayout) {
 </div>
 <?php endif ?>
 <div id="main" role="main">
-  <div id="col1" class="container<?= $moduleClass ?>"<?php if ($moduleName): ?> data-icinga-module="<?= $moduleName ?>" <?php endif ?> data-icinga-url="<?= Url::fromRequest()->without('renderLayout'); ?>"<?= $refresh; ?> style="display: block">
+  <div id="col1" class="container<?= $moduleClass ?>"<?php if ($moduleName): ?> data-icinga-module="<?= $moduleName ?>" <?php endif ?> data-icinga-url="<?= $this->escape(Url::fromRequest()->without('renderLayout')->getAbsoluteUrl()); ?>"<?= $refresh; ?> style="display: block">
    <?= $this->render($inlineLayoutScript) ?>
  </div>
  <div id="col2" class="container">
--- a/application/views/scripts/mixedPagination.phtml
+++ b/application/views/scripts/mixedPagination.phtml
@ -10,7 +10,7 @@
            $this->totalItemCount
        ) ?>
        <li class="nav-item">
-            <a  href="<?= $this->url()->overwriteParams(array('page' => $this->previous)) ?>"
+            <a  href="<?= $this->escape($this->url()->overwriteParams(array('page' => $this->previous))->getAbsoluteUrl()) ?>"
                title="<?= $label ?>"
                aria-label="<?= $label ?>"
                class="previous-page">
@ -44,7 +44,7 @@
            );
            ?>
            <li<?= $page === $this->current ? ' class="active nav-item"' : ' class="nav-item"' ?>>
-                <a  href="<?= $this->url()->overwriteParams(array('page' => $page)) ?>"
+                <a  href="<?= $this->escape($this->url()->overwriteParams(array('page' => $page))->getAbsoluteUrl()) ?>"
                    title="<?= $label ?>"
                    aria-label="<?= $label ?>">
                    <?= $page ?>
@ -60,7 +60,7 @@
            $this->totalItemCount
        ) ?>
        <li class="nav-item">
-            <a  href="<?= $this->url()->overwriteParams(array('page' => $this->next)) ?>"
+            <a  href="<?= $this->escape($this->url()->overwriteParams(array('page' => $this->next))->getAbsoluteUrl()) ?>"
                title="<?= $label ?>"
                aria-label="<?= $label ?>"
                class="next-page">
--- a/library/Icinga/Web/Widget/Tab.php
+++ b/library/Icinga/Web/Widget/Tab.php
@ -309,7 +309,7 @@ class Tab extends AbstractWidget

            $tab = sprintf(
                '<a href="%s"%s>%s</a>',
-                $this->url,
+                $this->view()->escape($this->url->getAbsoluteUrl()),
                $params,
                $caption
            );
--- a/library/Icinga/Web/Widget/Tabs.php
+++ b/library/Icinga/Web/Widget/Tabs.php
@ -342,7 +342,7 @@ EOT;
                '{LABEL}'
            ),
            array(
-                $url,
+                $this->view()->escape($url->getAbsoluteUrl()),
                $title,
                $label
            ),