The XSS vulnerability is corrected by HTML-entity-encoding the Subject field

This commit is contained in:
Jorge Rincon 2023-09-25 12:29:25 +02:00
parent 738428a816
commit 32c47c97ed
2 changed files with 3 additions and 3 deletions


@ -38,7 +38,7 @@ $send_mes = (bool) get_parameter('send_mes', false);
$new_msg = (string) get_parameter('new_msg'); $new_msg = (string) get_parameter('new_msg');
$dst_user = get_parameter('dst_user'); $dst_user = get_parameter('dst_user');
$dst_group = get_parameter('dst_group'); $dst_group = get_parameter('dst_group');
$subject = io_safe_html_tags(get_parameter('subject')); $subject = io_safe_input(get_parameter('subject'));
$message = (string) get_parameter('message'); $message = (string) get_parameter('message');
$read_message = (bool) get_parameter('read_message', false); $read_message = (bool) get_parameter('read_message', false);
$reply = (bool) get_parameter('reply', false); $reply = (bool) get_parameter('reply', false);
@ -132,7 +132,7 @@ if ($read_message) {
echo '<h1>Conversation with '.$user_name.'</h1>'; echo '<h1>Conversation with '.$user_name.'</h1>';
} }
echo '<h2>Subject: '.$message['subject'].'</h2>'; echo '<h2>Subject: '.io_safe_output($message['subject']).'</h2>';
$conversation = messages_get_conversation($message); $conversation = messages_get_conversation($message);
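Review bot: The new read path `echo '<h2>Subject: '.io_safe_output($message['subject']).'</h2>';` depends on what io_safe_output does to the entity-encoded value that io_safe_input now stores on the write path; if it reverses that encoding, as its name suggests, the subject is written into the `<h2>` as raw markup again and the only protection left is the input-side encoding. Input-side encoding also does nothing for subjects persisted before this commit, which would still reach the page unescaped. Escaping at the sink is the robust fix regardless of how the value was stored: `echo '<h2>Subject: '.htmlspecialchars(io_safe_output($message['subject']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</h2>';`. The `if ($read_message)` block this hunk sits in starts and ends outside the hunk.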


@ -259,7 +259,7 @@ if (empty($messages) === true) {
$pathSubject = 'index.php?sec=message_list&amp;sec2=operation/messages/message_edit&amp;read_message=1&amp;id_message='.$message_id; $pathSubject = 'index.php?sec=message_list&amp;sec2=operation/messages/message_edit&amp;read_message=1&amp;id_message='.$message_id;
} }
$contentSubject = (empty($message['subject']) === true) ? __('No Subject') : $message['subject']; $contentSubject = (empty($message['subject']) === true) ? __('No Subject') : io_safe_output($message['subject']);
if ((int) $message['read'] !== 1) { if ((int) $message['read'] !== 1) {
$contentSubject = '<strong>'.$contentSubject.'</strong>'; $contentSubject = '<strong>'.$contentSubject.'</strong>';