[Console] Fixed an XSS vulnerability into the 'ui_print_truncate_text' function

Alejandro Gallardo Escobar 2017-10-27 13:25:17 +02:00
parent 1dd8f630f8
commit c687e6a97b
1 changed files with 12 additions and 7 deletions


@ -94,7 +94,9 @@ function ui_print_truncate_text($text, $numChars = GENERIC_SIZE_TEXT, $showTextI
}
}
$text = io_safe_output($text);
$text_html_decoded = io_safe_output($text);
$text_has_entities = $text != $text_html_decoded;
if (mb_strlen($text, "UTF-8") > ($numChars)) {
// '/2' because [...] is in the middle of the word.
$half_length = intval(($numChars - 3) / 2);
@ -102,14 +104,17 @@ function ui_print_truncate_text($text, $numChars = GENERIC_SIZE_TEXT, $showTextI
// Depending on the strange behavior of mb_strimwidth() itself,
// the 3rd parameter is not to be $numChars but the length of
// original text (just means 'large enough').
$truncateText2 = mb_strimwidth($text,
(mb_strlen($text, "UTF-8") - $half_length),
mb_strlen($text, "UTF-8"), "", "UTF-8" );
$truncateText2 = mb_strimwidth($text_html_decoded,
(mb_strlen($text_html_decoded, "UTF-8") - $half_length),
mb_strlen($text_html_decoded, "UTF-8"), "", "UTF-8" );
$truncateText = mb_strimwidth($text, 0,
($numChars - $half_length), "", "UTF-8") . $suffix;
$truncateText = mb_strimwidth($text_html_decoded, 0,
($numChars - $half_length), "", "UTF-8");
$truncateText = $truncateText . $truncateText2;
// Recover the html entities to avoid XSS attacks
$truncateText = ($text_has_entities)
? io_safe_input($truncateText) . $suffix . io_safe_input($truncateText2)
: $truncateText . $suffix . $truncateText2;
if ($showTextInTitle) {
if ($style === null) {
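Review bot: The entity check added in the first hunk uses a loose comparison, `$text_has_entities = $text != $text_html_decoded;`, where an identity test is what is meant; it should read `$text_has_entities = $text !== $text_html_decoded;` so that only a byte-for-byte difference between the input and its io_safe_output() form triggers the re-encoding branch. That flag also encodes an assumption worth stating next to it: a string that decodes to itself is emitted unencoded after truncation, so the protection only holds when callers pass text that already went through io_safe_input(); a comment such as `// Re-encode only if the input was entity-encoded; raw text passes through as given` would make that contract visible to the next maintainer. The three-way ternary at the end of the second hunk repeats the `$suffix` concatenation on both arms and would read more simply if the suffix were appended once after the conditional re-encoding. ui_print_truncate_text begins before the first hunk, and the `if ($showTextInTitle)` block appears to continue past the last visible line, so the title-attribute handling that follows could not be checked here.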