mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-10-31 05:11:27 +00:00
- fixed possible xss security holes
This commit is contained in:
steinm
parent
3a9d93afc5
commit
71d0efd1f1
|
|
@ -27,6 +27,11 @@ include("../inc/inc.Language.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('adddocument')) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["folderid"]) || !is_numeric($_POST["folderid"]) || intval($_POST["folderid"])<1) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,6 +27,11 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.ClassEmail.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('addsubfolder')) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["folderid"]) || !is_numeric($_POST["folderid"]) || intval($_POST["folderid"])<1) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,6 +27,11 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.ClassEmail.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('editcomment')) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,6 +43,12 @@ if ($folder->getAccessMode($user) < M_ALL) {
|
|||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
/* FIXME: Currently GET request are allowed. */
|
||||
if(!checkFormKey('folderaccess', 'GET')) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
switch ($_GET["action"]) {
|
||||
case "setowner":
|
||||
case "delaccess":
|
||||
|
|
|
|||
|
|
@ -25,6 +25,11 @@ include("../inc/inc.Language.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
/* Check if the form data comes for a trusted request */
|
||||
if(!checkFormKey('removeversion')) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
|
||||
}
|
||||
|
||||
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -288,29 +288,29 @@ foreach ($entries as $entry) {
|
|||
print "<tr>";
|
||||
//print "<td><img src=\"../out/images/file.gif\" class=\"mimeicon\"></td>";
|
||||
if (in_array(2, $searchin)) {
|
||||
$docName = markQuery($document->getName(), "i");
|
||||
$docName = markQuery(htmlspecialchars($document->getName()), "i");
|
||||
} else {
|
||||
$docName = $document->getName();
|
||||
$docName = htmlspecialchars($document->getName());
|
||||
}
|
||||
print "<td><a class=\"standardText\" href=\"../out/out.ViewDocument.php?documentid=".$document->getID()."\"><img class=\"mimeicon\" src=\"../out/images/icons/".UI::getMimeIcon($lc->getFileType())."\" title=\"".$lc->getMimeType()."\"></a></td>";
|
||||
print "<td><a class=\"standardText\" href=\"../out/out.ViewDocument.php?documentid=".$document->getID()."\">/";
|
||||
$folder = $document->getFolder();
|
||||
$path = $folder->getPath();
|
||||
for ($i = 1; $i < count($path); $i++) {
|
||||
print $path[$i]->getName()."/";
|
||||
print htmlspecialchars($path[$i]->getName())."/";
|
||||
}
|
||||
print $docName;
|
||||
print "</a></td>";
|
||||
|
||||
$owner = $document->getOwner();
|
||||
print "<td>".$owner->getFullName()."</td>";
|
||||
print "<td>".htmlspecialchars($owner->getFullName())."</td>";
|
||||
$display_status=$lc->getStatus();
|
||||
print "<td>".getOverallStatusText($display_status["status"]). "</td>";
|
||||
|
||||
print "<td class=\"center\">".$lc->getVersion()."</td>";
|
||||
|
||||
if (in_array(3, $searchin)) $comment = markQuery($document->getComment());
|
||||
else $comment = $document->getComment();
|
||||
if (in_array(3, $searchin)) $comment = markQuery(htmlspecialchars($document->getComment()));
|
||||
else $comment = htmlspecialchars($document->getComment());
|
||||
if (strlen($comment) > 50) $comment = substr($comment, 0, 47) . "...";
|
||||
print "<td>".$comment."</td>";
|
||||
print "</tr>\n";
|
||||
|
|
@ -318,25 +318,25 @@ foreach ($entries as $entry) {
|
|||
$folder = $entry;
|
||||
$foldercount++;
|
||||
if (in_array(2, $searchin)) {
|
||||
$folderName = markQuery($folder->getName(), "i");
|
||||
$folderName = markQuery(htmlspecialchars($folder->getName()), "i");
|
||||
} else {
|
||||
$folderName = $folder->getName();
|
||||
$folderName = htmlspecialchars($folder->getName());
|
||||
}
|
||||
print "<td><a class=\"standardText\" href=\"../out/out.ViewFolder.php?folderid=".$folder->getID()."\"><img src=\"../out/images/folder_closed.gif\" width=18 height=18 border=0></a></td>";
|
||||
print "<td><a class=\"standardText\" href=\"../out/out.ViewFolder.php?folderid=".$folder->getID()."\">";
|
||||
$path = $folder->getPath();
|
||||
for ($i = 1; $i < count($path); $i++) {
|
||||
print "/".$path[$i]->getName();
|
||||
print "/".htmlspecialchars($path[$i]->getName());
|
||||
}
|
||||
print $foldername;
|
||||
print "</a></td>";
|
||||
|
||||
$owner = $folder->getOwner();
|
||||
print "<td>".$owner->getFullName()."</td>";
|
||||
print "<td>".htmlspecialchars($owner->getFullName())."</td>";
|
||||
print "<td></td>";
|
||||
print "<td></td>";
|
||||
if (in_array(3, $searchin)) $comment = markQuery($folder->getComment());
|
||||
else $comment = $folder->getComment();
|
||||
if (in_array(3, $searchin)) $comment = markQuery(htmlspecialchars($folder->getComment()));
|
||||
else $comment = htmlspecialchars($folder->getComment());
|
||||
if (strlen($comment) > 50) $comment = substr($comment, 0, 47) . "...";
|
||||
print "<td>".$comment."</td>";
|
||||
print "</tr>\n";
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user