fix potential XSS attack when deleting a folder/document

Uwe Steinmann 2026-01-08 17:09:54 +01:00
parent fad28ee31e
commit 430e1ea81f
3 changed files with 5 additions and 4 deletions


@ -4,6 +4,7 @@
- fix rest api endpoint PUT /folder/{id}/comment
- show document preview when editing attributes of a document
- fix utilities which require translations
- fix potential XSS attack when deleting a folder/document
--------------------------------------------------------------------------------
Changes in version 5.1.44


@ -2618,7 +2618,7 @@ $(function() {
function printDeleteDocumentButton($document, $msg, $return=false){ /* {{{ */
$docid = $document->getID();
$content = '';
$content .= '<a class="delete-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => $document->getName())), ENT_QUOTES).'" title="'.getMLText("delete").'"><i class="fa fa-remove"></i></a>';
$content .= '<a class="delete-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => htmlspecialchars($document->getName()))), ENT_QUOTES).'" title="'.getMLText("delete").'"><i class="fa fa-remove"></i></a>';
if($return)
return $content;
else
@ -2692,7 +2692,7 @@ $(function() {
function printDeleteFolderButton($folder, $msg, $return=false){ /* {{{ */
$folderid = $folder->getID();
$content = '';
$content .= '<a class="delete-folder-btn" rel="'.$folderid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_folder", array ("foldername" => $folder->getName())), ENT_QUOTES).'" title="'.getMLText("delete").'"><i class="fa fa-remove"></i></a>';
$content .= '<a class="delete-folder-btn" rel="'.$folderid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_folder", array ("foldername" => htmlspecialchars($folder->getName()))), ENT_QUOTES).'" title="'.getMLText("delete").'"><i class="fa fa-remove"></i></a>';
if($return)
return $content;
else
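Review bot: The inner `htmlspecialchars()` added on the new line of each hunk is called without flags, so on PHP versions before 8.1 it defaults to ENT_COMPAT and leaves a single quote in the document or folder name untouched, while the outer call on the same line uses ENT_QUOTES; whether that gap is exploitable depends on how the JS handler reads `confirmmsg`, which is outside this hunk. Passing the flags explicitly makes the encoding independent of the PHP version and of the consumer: `htmlspecialchars($document->getName(), ENT_QUOTES | ENT_SUBSTITUTE)` (and the same for `$folder->getName()`); ENT_SUBSTITUTE also keeps the function from returning an empty string for a name containing an invalid UTF-8 sequence, which would otherwise silently blank the confirmation text. Encoding the name twice is only correct if the `delete-document-btn`/`delete-folder-btn` handler injects the attribute value as HTML rather than as text, and nothing on the line records that, so a comment should: `// name is HTML-encoded once for the confirm dialog (presumably inserted as HTML by the JS handler) and once more for the attribute context`. Both functions continue past the end of their hunks.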


@ -2644,7 +2644,7 @@ $(function() {
function printDeleteDocumentButton($document, $msg, $return=false){ /* {{{ */
$docid = $document->getID();
$content = '';
$content .= '<a class="delete-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => $document->getName())), ENT_QUOTES).'" title="'.getMLText("delete").'"><i class="fa fa-remove"></i></a>';
$content .= '<a class="delete-document-btn" rel="'.$docid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_document", array ("documentname" => htmlspecialchars($document->getName()))), ENT_QUOTES).'" title="'.getMLText("delete").'"><i class="fa fa-remove"></i></a>';
if($return)
return $content;
else
@ -2724,7 +2724,7 @@ $(function() {
function printDeleteFolderButton($folder, $msg, $return=false){ /* {{{ */
$folderid = $folder->getID();
$content = '';
$content .= '<a class="delete-folder-btn" rel="'.$folderid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_folder", array ("foldername" => $folder->getName())), ENT_QUOTES).'" title="'.getMLText("delete").'"><i class="fa fa-remove"></i></a>';
$content .= '<a class="delete-folder-btn" rel="'.$folderid.'" msg="'.getMLText($msg).'" confirmmsg="'.htmlspecialchars(getMLText("confirm_rm_folder", array ("foldername" => htmlspecialchars($folder->getName()))), ENT_QUOTES).'" title="'.getMLText("delete").'"><i class="fa fa-remove"></i></a>';
if($return)
return $content;
else
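Review bot: The new line in each hunk nests three calls inside one very long attribute string, which is exactly why it is hard to see that `getName()` is now encoded twice on purpose; pulling the name into a local first makes the intent visible: `$name = htmlspecialchars($folder->getName(), ENT_QUOTES);` followed by `array("foldername" => $name)` in the `getMLText()` call. The change is byte-for-byte the same as the one in the previous file's `printDeleteDocumentButton`/`printDeleteFolderButton`, so the two view classes will drift on the next fix; if they share a base class or helper, the escaping belongs there. The other attributes on the same line (`msg`, `title`) emit `getMLText()` output unescaped, which is presumably acceptable only as long as translation strings are not user-editable, and is worth confirming. Both functions continue past the end of their hunks.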