

Merge pull request #505 from noobpk/noobpk-fix-xss
Fix multiple stored XSS on features 'Milestones', 'Research', 'Retrospective' and a stored XSS via the filename when uploading a file
marcelfolaron authored Nov 17, 2021
2 parents b81a3f3 + 9552c55 commit 081d45d
Showing 5 changed files with 11 additions and 7 deletions.
2 changes: 1 addition & 1 deletion src/domain/leancanvas/templates/canvasDialog.tpl.php
@@ -19,7 +19,7 @@

<div class="showDialogOnLoad" style="display:none;">

<h4 class="widgettitle title-light"><i class="iconfa iconfa-columns"></i> <?php echo $canvasTypes[$canvasItem['box']]; ?> <?php echo $canvasItem['description']; ?></h4>
<h4 class="widgettitle title-light"><i class="iconfa iconfa-columns"></i> <?php echo $canvasTypes[$canvasItem['box']]; ?> <?php $this->e($canvasItem['description']); ?></h4>

<?php echo $this->displayNotification(); ?>

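Review bot: The remaining interpolation on the changed h4 line, `<?php echo $canvasTypes[$canvasItem['box']]; ?>`, is still emitted without escaping, so the fix covers only the description. If `$canvasTypes` is a static label table keyed by a validated `box` value this is harmless, but if the labels or the key can originate from user-controlled data the same stored-XSS pattern remains on that line. For consistency with the rest of the line I would render it as `<?php $this->e($canvasTypes[$canvasItem['box']]); ?>`. The surrounding dialog markup is outside the hunk.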
2 changes: 1 addition & 1 deletion src/domain/projects/templates/showProject.tpl.php
@@ -101,7 +101,7 @@
<?php else: ?>
<img style='max-height: 50px; max-width: 70px;' src='<?=BASE_URL ?>/images/thumbs/doc.png' />
<?php endif; ?>
<span class="filename"><?php echo $file['realName'] ?></span>
<span class="filename"><?php $this->e($file['realName']) ?></span>

</a>

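Review bot: Escaping `$file['realName']` in the span covers the text-node sink only; the same file record feeds the enclosing `<a>` (opened above the hunk and closed by the `</a>` below the span) and presumably the thumbnail `src` in the `if` branch that the visible `<?php else: ?>` belongs to, both of which are attribute contexts this change does not touch. Those lines are outside the hunk, so I can only suggest confirming that the href and image path are built from a server-generated stored name rather than the user-supplied one, or are passed through `$this->e()` as well. The escaping here is adequate for element content provided `$this->e()` is `htmlspecialchars`-based; the helper's definition is not part of this diff.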
6 changes: 3 additions & 3 deletions src/domain/retrospectives/templates/showBoards.tpl.php
@@ -101,7 +101,7 @@
</div>
<?php } ?>

<h4><a href="<?=BASE_URL ?>/retrospectives/retroDialog/<?php echo $row["id"];?>" class="retroModal" data="item_<?php echo $row["id"];?>"><?php echo $row["description"];?></a></h4>
<h4><a href="<?=BASE_URL ?>/retrospectives/retroDialog/<?php echo $row["id"];?>" class="retroModal" data="item_<?php echo $row["id"];?>"><?php $this->e($row["description"]);?></a></h4>

<div class="mainIdeaContent">
<?php $this->e($row["data"]); ?>
@@ -199,7 +199,7 @@
</div>
<?php } ?>

<h4><a href="/retrospectives/retroDialog/<?php echo $row["id"];?>" class="retroModal" data="item_<?php echo $row["id"];?>"><?php echo $row["description"];?></a></h4>
<h4><a href="/retrospectives/retroDialog/<?php echo $row["id"];?>" class="retroModal" data="item_<?php echo $row["id"];?>"><?php $this->e($row["description"]);?></a></h4>

<div class="mainIdeaContent">
<?php $this->e($row["data"]); ?>
@@ -297,7 +297,7 @@
</div>
<?php } ?>

<h4><a href="<?=BASE_URL ?>/retrospectives/retroDialog/<?php echo $row["id"];?>" class="retroModal" data="item_<?php echo $row["id"];?>"><?php echo $row["description"];?></a></h4>
<h4><a href="<?=BASE_URL ?>/retrospectives/retroDialog/<?php echo $row["id"];?>" class="retroModal" data="item_<?php echo $row["id"];?>"><?php $this->e($row["description"]);?></a></h4>

<div class="mainIdeaContent">
<?php $this->e($row["data"]); ?>
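Review bot: Each of the three changed `<h4>` lines still interpolates `$row["id"]` raw into the `href` and `data` attributes, twice per line, while only the link text is now escaped (hunks at @@ -101, @@ -199 and @@ -297). If `id` is always an integer from the database this is harmless, but attribute context is exactly where an unescaped value would matter, so I would pin it consistently, e.g. `<?php echo (int)$row["id"]; ?>`. Separately, the second hunk builds the link as `href="/retrospectives/retroDialog/..."` while the other two prefix `<?=BASE_URL ?>`, which breaks the link when the app is served from a sub-path; the new line preserves that inconsistency rather than introducing it, but it is worth aligning while these lines are being touched.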
6 changes: 5 additions & 1 deletion src/domain/tickets/js/ticketsController.js
@@ -78,6 +78,10 @@ leantime.ticketsController = (function () {

var initGanttChart = function (tasks, viewMode) {

function htmlEntities(str) {
return String(str).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
};

jQuery(document).ready(
function () {

@@ -88,7 +92,7 @@ leantime.ticketsController = (function () {
// dates and progress value
var end_date = task._end.format(leantime.i18n.__("language.momentJSDate"));
return '<div class="details-container"> ' +
'<h4><a href="'+leantime.appUrl+'/tickets/editMilestone/'+task.id+'" class="milestoneModal">'+task.name+'</a></h4><br /> ' +
'<h4><a href="'+leantime.appUrl+'/tickets/editMilestone/'+task.id+'" class="milestoneModal">'+htmlEntities(task.name)+'</a></h4><br /> ' +
'<p>'+leantime.i18n.__("text.expected_to_finish_by")+' <strong>'+end_date+'</strong><br /> ' +
''+Math.round(task.progress)+'%</p> ' +
'<a href="'+leantime.appUrl+'/tickets/editMilestone/'+task.id+'" class="milestoneModal"><span class="fa fa-map"></span> '+leantime.i18n.__("links.edit_milestone") +'</a> | ' +
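Review bot: The new `htmlEntities` helper does not escape the single quote, so it is only safe for element content and double-quoted attributes; since it carries a general-purpose name that will be reused, add `.replace(/'/g, '&#39;')` to the chain. The `;` after the function declaration on the following line is a stray empty statement and should be dropped. On the changed template line `task.id` is still concatenated raw into the `href`; if ids are always numeric this is fine, otherwise route it through the helper as well. The helper is also redefined on every call of `initGanttChart`; hoisting it to the module scope of `leantime.ticketsController` would let the other renderers in this file share it. The body of `initGanttChart` continues outside the hunk.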
2 changes: 1 addition & 1 deletion src/domain/tickets/templates/milestoneDialog.tpl.php
@@ -26,7 +26,7 @@
<form class="formModal" method="post" action="<?=BASE_URL ?>/tickets/editMilestone/<?php echo $currentMilestone->id ?>" style="min-width: 250px;">

<label><?=$this->__("label.milestone_title"); ?></label>
<input type="text" name="headline" value="<?php echo $currentMilestone->headline?>" placeholder="<?=$this->__("label.milestone_title"); ?>"/><br />
<input type="text" name="headline" value="<?php $this->e($currentMilestone->headline) ?>" placeholder="<?=$this->__("label.milestone_title"); ?>"/><br />

<label><?php echo $this->__('label.todo_status'); ?></label>
<select id="status-select" name="status" class="span11"
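Review bot: The escaped `headline` now sits inside a double-quoted `value` attribute, which is correct only if `$this->e()` escapes double quotes (true for `htmlspecialchars` with its default flags); the helper's definition is not in this diff, so it is worth confirming once for all the templates this commit touches. The `action` attribute on the form line above still echoes `$currentMilestone->id` unescaped; if it is an integer this is harmless, otherwise `<?php echo (int)$currentMilestone->id ?>` pins it. The form continues outside the hunk.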
