SF Bug #3497660 - XSS flaws via 'export', 'add_value_form' and 'dn' variables

This commit is contained in:
Deon George 2012-09-03 07:16:34 +10:00
parent 88d41216f9
commit 74434e5ca3
3 changed files with 11 additions and 11 deletions

View File

@ -34,7 +34,7 @@ if ($request['attribute']->isReadOnly())
# Render the form
if (! strcasecmp($request['attr'],'objectclass') || get_request('meth','REQUEST') != 'ajax') {
# Render the form.
$request['page']->drawTitle(sprintf('%s <b>%s</b> %s <b>%s</b>',_('Add new'),$request['attr'],_('value to'),get_rdn($request['dn'])));
$request['page']->drawTitle(sprintf('%s <b>%s</b> %s <b>%s</b>',_('Add new'),htmlspecialchars($request['attr']),_('value to'),htmlspecialchars(get_rdn($request['dn']))));
$request['page']->drawSubTitle();
if (! strcasecmp($request['attr'],'objectclass')) {

View File

@ -29,12 +29,12 @@ if ($request['file']) {
header('Content-type: application/download');
header(sprintf('Content-Disposition: inline; filename="%s.%s"','export',$types['extension'].($request['export']->isCompressed() ? '.gz' : '')));
$request['export']->export();
echo $request['export']->export();
die();
} else {
print '<span style="font-size: 14px; font-family: courier;"><pre>';
$request['export']->export();
echo htmlspecialchars($request['export']->export());
print '</pre></span>';
}
?>

View File

@ -324,9 +324,9 @@ class ExportCSV extends Export {
}
if ($this->compress)
echo gzencode($output);
return gzencode($output);
else
echo $output;
return $output;
}
/**
@ -428,9 +428,9 @@ class ExportDSML extends Export {
$output .= sprintf('</dsml>%s',$this->br);
if ($this->compress)
echo gzencode($output);
return gzencode($output);
else
echo $output;
return $output;
}
}
@ -506,9 +506,9 @@ class ExportLDIF extends Export {
}
if ($this->compress)
echo gzencode($output);
return gzencode($output);
else
echo $output;
return $output;
}
/**
@ -633,9 +633,9 @@ class ExportVCARD extends Export {
}
if ($this->compress)
echo gzencode($output);
return gzencode($output);
else
echo $output;
return $output;
}
}
?>