SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables
This commit is contained in:
Deon George
parent
88d41216f9
commit
74434e5ca3
@ -34,7 +34,7 @@ if ($request['attribute']->isReadOnly())
|
|||||||
# Render the form
|
# Render the form
|
||||||
if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') {
|
if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') {
|
||||||
# Render the form.
|
# Render the form.
|
||||||
$request['page']->drawTitle(sprintf('%s <b>%s</b> %s <b>%s</b>',_('Add new'),$request['attr'],_('value to'),get_rdn($request['dn'])));
|
$request['page']->drawTitle(sprintf('%s <b>%s</b> %s <b>%s</b>',_('Add new'),htmlspecialchars($request['attr']),_('value to'),htmlspecialchars(get_rdn($request['dn']))));
|
||||||
$request['page']->drawSubTitle();
|
$request['page']->drawSubTitle();
|
||||||
|
|
||||||
if (! strcasecmp($request['attr'],'objectclass')) {
|
if (! strcasecmp($request['attr'],'objectclass')) {
|
||||||
|
|||||||
@ -29,12 +29,12 @@ if ($request['file']) {
|
|||||||
|
|
||||||
header('Content-type: application/download');
|
header('Content-type: application/download');
|
||||||
header(sprintf('Content-Disposition: inline; filename="%s.%s"','export',$types['extension'].($request['export']->isCompressed() ? '.gz' : '')));
|
header(sprintf('Content-Disposition: inline; filename="%s.%s"','export',$types['extension'].($request['export']->isCompressed() ? '.gz' : '')));
|
||||||
$request['export']->export();
|
echo $request['export']->export();
|
||||||
die();
|
die();
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
print '<span style="font-size: 14px; font-family: courier;"><pre>';
|
print '<span style="font-size: 14px; font-family: courier;"><pre>';
|
||||||
$request['export']->export();
|
echo htmlspecialchars($request['export']->export());
|
||||||
print '</pre></span>';
|
print '</pre></span>';
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|||||||
@ -324,9 +324,9 @@ class ExportCSV extends Export {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($this->compress)
|
if ($this->compress)
|
||||||
echo gzencode($output);
|
return gzencode($output);
|
||||||
else
|
else
|
||||||
echo $output;
|
return $output;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -428,9 +428,9 @@ class ExportDSML extends Export {
|
|||||||
$output .= sprintf('</dsml>%s',$this->br);
|
$output .= sprintf('</dsml>%s',$this->br);
|
||||||
|
|
||||||
if ($this->compress)
|
if ($this->compress)
|
||||||
echo gzencode($output);
|
return gzencode($output);
|
||||||
else
|
else
|
||||||
echo $output;
|
return $output;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -506,9 +506,9 @@ class ExportLDIF extends Export {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($this->compress)
|
if ($this->compress)
|
||||||
echo gzencode($output);
|
return gzencode($output);
|
||||||
else
|
else
|
||||||
echo $output;
|
return $output;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -633,9 +633,9 @@ class ExportVCARD extends Export {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($this->compress)
|
if ($this->compress)
|
||||||
echo gzencode($output);
|
return gzencode($output);
|
||||||
else
|
else
|
||||||
echo $output;
|
return $output;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user