Merge branch 'v3-stable' into beta

Conflicts: src/include/functions_common.php
2025-09-21 17:08:00 +02:00 · 2012-06-19 12:15:42 +02:00 · 2012-06-19 12:15:42 +02:00 · 0c9bd09097
commit 0c9bd09097
parent c014170ddd 9c127f6752
4 changed files with 29 additions and 17 deletions
--- a/8
+++ b/8
@ -1,3 +1,11 @@
+---------------------------------------------------------------------------
+Version 3.5.5 (beta), 2012-06-19
+- Merged security fixes into beta branch
+---------------------------------------------------------------------------
+Version 3.4.4 (stable), 2012-06-19
+- Fixed cross-site scripting vulnerability of highlight parameter 
+  on index.php page. 
+---------------------------------------------------------------------------
 Version 3.5.4 (beta), 2012-05-22
 - Merged security fixes into beta branch
 ---------------------------------------------------------------------------
--- a/src/include/functions_common.php
+++ b/src/include/functions_common.php
@ -66,7 +66,7 @@ $LANG_EN = "en";	// Used for fallback
 $LANG = "en";		// Default language

 // Default Template vars
-$content['BUILDNUMBER'] = "3.5.4";
+$content['BUILDNUMBER'] = "3.5.5";
 $content['UPDATEURL'] = "http://loganalyzer.adiscon.com/files/version.txt";
 $content['TITLE'] = "Adiscon LogAnalyzer :: Release " . $content['BUILDNUMBER'];	// Default page title 
 $content['BASEPATH'] = $gl_root_path;
--- a/src/index.php
+++ b/src/index.php
@ -124,6 +124,7 @@ $content['sorting'] = "";
 $content['searchstr'] = "";
 $content['searchstr_htmlform'] = "";
 $content['highlightstr'] = "";
+$content['highlightstr_htmlform'] = "";
 $content['EXPAND_HIGHLIGHT'] = "false";

 // --- Read and process filters from search dialog!
@ -142,19 +143,22 @@ if ( (isset($_POST['search']) || isset($_GET['search'])) || (isset($_POST['filte

 	// Optionally read highlight words
 	if ( isset($_POST['highlight']) )
-		$content['highlightstr'] = $_POST['highlight'];
-	else if ( isset($_GET['highlight']) )
-		$content['highlightstr'] = $_GET['highlight'];
-	
-//	else if ( $mysearch == $content['LN_SEARCH']) 
 	{
+		$content['highlightstr'] = $_POST['highlight'];
+		$content['highlightstr_htmlform'] = htmlspecialchars($_POST['highlight']);
+	}
+	else if ( isset($_GET['highlight']) )
+	{
+		$content['highlightstr'] = $_GET['highlight'];
+		$content['highlightstr_htmlform'] = htmlspecialchars($_GET['highlight']);
+	}
+	
 	// Message is just appended
 	if ( isset($myfilter) && strlen($myfilter) > 0 )
 	{
 		$content['searchstr'] = $myfilter;
 		$content['searchstr_htmlform'] = htmlspecialchars($myfilter);
 	}
-	}

 	if ( strlen($content['highlightstr']) > 0 ) 
 	{
@ -165,7 +169,7 @@ if ( (isset($_POST['search']) || isset($_GET['search'])) || (isset($_POST['filte
 		if ( strpos($content['highlightstr'], ",") === false)
 		{

-			$content['highlightwords'][0]['highlight_raw'] = $content['highlightstr'];
+			$content['highlightwords'][0]['highlight_html'] = htmlspecialchars($content['highlightstr']);
 			$content['highlightwords'][0]['highlight'] = str_replace( $searchArray, $replaceArray, $content['highlightstr']);
 			$content['highlightwords'][0]['cssclass'] = "highlight_1";
 			$content['highlightwords'][0]['htmlcode'] = '<span class="' . $content['highlightwords'][0]['cssclass'] . '">' . $content['highlightwords'][0]['highlight']. '</span>';
@ -175,12 +179,12 @@ if ( (isset($_POST['search']) || isset($_GET['search'])) || (isset($_POST['filte
 			// Split array into words
 			$tmparray = explode( ",", $content['highlightstr'] );
 			foreach( $tmparray as $word ) 
-				$content['highlightwords'][]['highlight_raw'] = $word;
+				$content['highlightwords'][]['highlight_html'] = htmlspecialchars($word);
 			
 			// Assign other variables needed for this array entry
 			for ($i = 0; $i < count($content['highlightwords']); $i++)
 			{
-				$content['highlightwords'][$i]['highlight'] = str_replace( $searchArray, $replaceArray, $content['highlightwords'][$i]['highlight_raw']);
+				$content['highlightwords'][$i]['highlight'] = str_replace( $searchArray, $replaceArray, $content['highlightwords'][$i]['highlight_html']);
 				$content['highlightwords'][$i]['cssclass'] = "highlight_" . ($i+1);
 				$content['highlightwords'][$i]['htmlcode'] = '<span class="' . $content['highlightwords'][$i]['cssclass'] . '">' . $content['highlightwords'][$i]['highlight']. '</span>';
 			}
--- a/src/templates/index.html
+++ b/src/templates/index.html
@ -65,7 +65,7 @@
 	</tr>
 	<tr>
 		<td align="left" class="line1" nowrap>
-			<input maxlength="2048" name="highlight" size="75" title="Search" value="{highlightstr}">
+			<input maxlength="2048" name="highlight" size="75" title="Search" value="{highlightstr_htmlform}">
 			<input name="search" type="submit" value="{LN_SEARCH}" class="SearchFormControl">
 		</td>
 	</tr>
@ -75,7 +75,7 @@
 			<table border="0" cellpadding="1" cellspacing="1" width="100%" align="center">
 			<tr>
 			<!-- BEGIN highlightwords -->
-				<td class="{cssclass}" align="center"><b>{highlight_raw}</b></td>
+				<td class="{cssclass}" align="center"><b>{highlight_html}</b></td>
 			<!-- END highlightwords -->
 			</tr>
 			</table>