r31k
/
bludit
2
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Remove HTML and PHP tags from the users,categories and tags fields, prevent XSS

This commit is contained in:
Diego Najar 2019-10-12 11:35:35 +02:00
parent bc79794784
commit 4f3f40a6c4
3 changed files with 17 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
bl-kernel/abstract/dblist.class.php
View File

@ -80,9 +80,9 @@ class dbList extends dbJSON
{ {
$key = $this->generateKey($args['name']); $key = $this->generateKey($args['name']);
$this->db[$key]['name'] = $args['name']; $this->db[$key]['name'] = Sanitize::removeTags($args['name']);
$this->db[$key]['template'] = isset($args['template'])?$args['template']:''; $this->db[$key]['template'] = isset($args['template'])?Sanitize::removeTags($args['template']):'';
$this->db[$key]['description'] = isset($args['description'])?$args['description']:''; $this->db[$key]['description'] = isset($args['description'])?Sanitize::removeTags($args['description']):'';
$this->db[$key]['list'] = isset($args['list'])?$args['list']:array(); $this->db[$key]['list'] = isset($args['list'])?$args['list']:array();
$this->sortAlphanumeric(); $this->sortAlphanumeric();
@ -110,9 +110,9 @@ class dbList extends dbJSON
return false; return false;
} }
$this->db[$args['newKey']]['name'] = $args['name']; $this->db[$args['newKey']]['name'] = Sanitize::removeTags($args['name']);
$this->db[$args['newKey']]['template'] = isset($args['template'])?$args['template']:''; $this->db[$args['newKey']]['template'] = isset($args['template'])?Sanitize::removeTags($args['template']):'';
$this->db[$args['newKey']]['description'] = isset($args['description'])?$args['description']:''; $this->db[$args['newKey']]['description'] = isset($args['description'])?Sanitize::removeTags($args['description']):'';
$this->db[$args['newKey']]['list'] = $this->db[$args['oldKey']]['list']; $this->db[$args['newKey']]['list'] = $this->db[$args['oldKey']]['list'];
// Remove the old category // Remove the old category

4
bl-kernel/helpers/sanitize.class.php
View File

@ -2,7 +2,9 @@
class Sanitize { class Sanitize {
// new public static function removeTags($text) {
return strip_tags($text);
}
// Convert special characters to HTML entities // Convert special characters to HTML entities
public static function html($text) public static function html($text)

10
bl-kernel/users.class.php
View File

@ -69,8 +69,11 @@ class Users extends dbJSON {
$row = array(); $row = array();
foreach ($this->dbFields as $field=>$value) { foreach ($this->dbFields as $field=>$value) {
if (isset($args[$field])) { if (isset($args[$field])) {
$finalValue = $args[$field];
// Remove HTML and PHP tags
$finalValue = Sanitize::removeTags($finalValue);
// Sanitize if will be stored on database // Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]); $finalValue = Sanitize::html($finalValue);
} else { } else {
// Default value for the field if not defined // Default value for the field if not defined
$finalValue = $value; $finalValue = $value;
@ -100,8 +103,11 @@ class Users extends dbJSON {
foreach ($this->dbFields as $field=>$value) { foreach ($this->dbFields as $field=>$value) {
if ($field!=='password') { if ($field!=='password') {
if (isset($args[$field])) { if (isset($args[$field])) {
$finalValue = $args[$field];
// Remove HTML and PHP tags
$finalValue = Sanitize::removeTags($finalValue);
// Sanitize if will be stored on database // Sanitize if will be stored on database
$finalValue = Sanitize::html($args[$field]); $finalValue = Sanitize::html($finalValue);
} else { } else {
// Default value is the current one // Default value is the current one
$finalValue = $row[$field]; $finalValue = $row[$field];