3.0.10

Fix for #3779, #3775
Fix for improper handling of input in admin setting pages

Author: nilsteampassnet

includes/js/functions.js

@@ -395,10 +395,10 @@ function simplePurifier(
     bHtml = false,
     bSvg = false,
     bSvgFilters = false
-)
+) 
 {
     return DOMPurify.sanitize(
-        text
+        sanitizeDom(text)
             .replaceAll('&lt;', '<')
             .replaceAll('&#x3C;', '<')
             .replaceAll('&#60;', '<')
@@ -515,6 +515,7 @@ function fieldDomPurifierWithWarning(
     bHtml = false,
     bSvg = false,
     bSvgFilters = false,
+    bSetting = false,
 )
 {
     if (field === undefined || field === '') {
@@ -523,10 +524,22 @@ function fieldDomPurifierWithWarning(
     if ($(field).val() === '') {
         return '';
     }
-    let string = '';
+    let string = '',
+        currentString = $(field).val();
+
+    // if bSetting is true, we use the setting value
+    // remove any closing ', string that could corrupt the setting
+    if (bSetting === true) {
+        currentString = currentString.replace(/',/g, '');
+    }
 
     // Purify string
-    string = simplePurifier($(field).val(), bHtml, bSvg, bSvgFilters);
+    string = simplePurifier(
+        sanitizeDom(currentString),
+        bHtml,
+        bSvg,
+        bSvgFilters
+    );
 
     // Clear field if string is empty and warn user
     if (string === '') {
@@ -543,4 +556,12 @@ function fieldDomPurifierWithWarning(
     }
 
     return string;
+}
+
+const sanitizeDom = (str) => {
+    const div = document.createElement('div');
+    div.textContent = str;
+    newString = div.innerHTML;
+    div.remove();
+    return newString;
 }

includes/libraries/anti-xss-master/src/voku/helper/AntiXSS.php

@@ -455,6 +455,7 @@ public function __construct()
     {
         $this->_initNeverAllowedStr();
         $this->_initNeverAllowedRegex();
+        UTF8::checkForSupport();
     }
 
     /**

pages/2fa.js.php

@@ -55,34 +55,15 @@
 <script type='text/javascript'>
     //<![CDATA[
 
-    console.log('2FA loaded')
-
-    $(document).on('click', '.generate-key', function() {
-        var size = $(this).data('length'),
-            target = $(this).closest('.input-group').find('input').attr('id');
-
-        $.post(
-            'sources/main.queries.php', {
-                type: 'generate_new_key',
-                type_category: 'action_key',
-                size: size
-            },
-            function(data) {
-                $('#' + target).val(data[0].key);
-            },
-            'json'
-        );
-    })
-
-
     $(document).on('click', '#button-duo-config-check', function() {
-        var data = "{\"ikey\":\"" + sanitizeString($("#duo_ikey").val()) + "\", \"skey\":\"" + sanitizeString($("#duo_skey").val()) + "\", \"host\":\"" + sanitizeString($("#duo_host").val()) + "\"}";
+        toastr
+            .info('<?php echo langHdl('loading_item'); ?> ... <i class="fas fa-circle-notch fa-spin fa-2x"></i>');
 
         // Prepare data
         var data = {
-            'duo_ikey': $('#duo_ikey').val(),
-            'duo_skey': $('#duo_skey').val(),
-            'duo_host': $('#duo_host').val()
+            'duo_ikey': sanitizeString($('#duo_ikey').val()),
+            'duo_skey': sanitizeString($('#duo_skey').val()),
+            'duo_host': sanitizeString($('#duo_host').val())
         }
         console.log(data);
 
@@ -110,7 +91,7 @@ function(data) {
                 } else {
                     // Inform user
                     toastr.remove();
-                    toastr.info(
+                    toastr.success(
                         '<?php echo langHdl('duo-config-check-success'); ?>',
                         '', {
                             timeOut: 5000

pages/2fa.php

@@ -157,7 +157,7 @@
                                         </small>
                                     </div>
                                     <div class="col-3">
-                                        <input type="text" class="form-control form-control-sm" id="ga_website_name" value="<?php echo isset($SETTINGS['ga_website_name']) === true ? $SETTINGS['ga_website_name'] : ''; ?>">
+                                        <input type="text" class="form-control form-control-sm purify" data-field="label" id="ga_website_name" value="<?php echo isset($SETTINGS['ga_website_name']) === true ? $SETTINGS['ga_website_name'] : ''; ?>">
                                     </div>
                                 </div>
 
@@ -205,23 +205,23 @@
                                         <?php echo langHdl('admin_duo_ikey'); ?>
                                     </div>
                                     <div class="col-7">
-                                        <input type="text" class="form-control form-control-sm" id="duo_ikey" value="<?php echo isset($SETTINGS['duo_ikey']) === true ? $SETTINGS['duo_ikey'] : ''; ?>">
+                                        <input type="text" class="form-control form-control-sm purify" data-field="label" id="duo_ikey" value="<?php echo isset($SETTINGS['duo_ikey']) === true ? $SETTINGS['duo_ikey'] : ''; ?>">
                                     </div>
                                 </div>
                                 <div class="row mb-2">
                                     <div class="col-5">
                                         <?php echo langHdl('admin_duo_skey'); ?>
                                     </div>
                                     <div class="col-7">
-                                        <input type="text" class="form-control form-control-sm" id="duo_skey" value="<?php echo isset($SETTINGS['duo_skey']) === true ? $SETTINGS['duo_skey'] : ''; ?>">
+                                        <input type="text" class="form-control form-control-sm purify" data-field="label" id="duo_skey" value="<?php echo isset($SETTINGS['duo_skey']) === true ? $SETTINGS['duo_skey'] : ''; ?>">
                                     </div>
                                 </div>
                                 <div class="row mb-2">
                                     <div class="col-5">
                                         <?php echo langHdl('admin_duo_host'); ?>
                                     </div>
                                     <div class="col-7">
-                                        <input type="text" class="form-control form-control-sm" id="duo_host" value="<?php echo isset($SETTINGS['duo_host']) === true ? $SETTINGS['duo_host'] : ''; ?>">
+                                        <input type="text" class="form-control form-control-sm purify" data-field="label" id="duo_host" value="<?php echo isset($SETTINGS['duo_host']) === true ? $SETTINGS['duo_host'] : ''; ?>">
                                     </div>
                                 </div>
 

pages/admin.js.php

@@ -135,7 +135,7 @@ function(data) {
         }
 
         // Sanitize value
-        value = fieldDomPurifierWithWarning('#' + field);
+        value = fieldDomPurifierWithWarning('#' + field, false, false, false, true);
         if (value === false) {
             return false;
         }

pages/users.js.php

@@ -898,7 +898,7 @@ function(data) {
 
                 // Mandatory?
                 var validated = true,
-                    validEmailRegex = /^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,3})+$/;
+                    validEmailRegex = /^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,15})+$/;
                 $('.required').each(function(i, obj) {
                     if ($(this).val() === '' && $(this).hasClass('select2') === false) {
                         $(this).addClass('is-invalid');

sources/logs.datatables.php

@@ -838,7 +838,7 @@
     }
 } elseif (isset($_GET['action']) && $_GET['action'] === 'tasks_in_progress') {
     //Columns name
-    $aColumns = ['increment_id', 'created_at', 'updated_at', 'process_type', 'is_in_progress'];
+    $aColumns = ['p.increment_id', 'p.created_at', 'p.updated_at', 'p.process_type', 'p.is_in_progress'];
     //Ordering
     if (isset($_GET['order'][0]['dir']) === true
         && in_array($_GET['order'][0]['dir'], $aSortTypes) === true
@@ -854,7 +854,7 @@
             $aColumns[0].' DESC';
     }
 
-    $sWhere = ' WHERE ((finished_at = "")';
+    $sWhere = ' WHERE ((p.finished_at = "")';
     if (isset($_GET['search']['value']) === true && $_GET['search']['value'] !== '') {
         $sWhere .= ' AND (';
         for ($i = 0; $i < count($aColumns); ++$i) {
@@ -865,13 +865,13 @@
     $sWhere .= ') ';
     DB::debugmode(false);
     $iTotal = DB::queryFirstField(
-    'SELECT COUNT(increment_id)
+    'SELECT COUNT(p.increment_id)
         FROM '.prefixTable('processes').' AS p 
         LEFT JOIN '.prefixTable('users').' AS u ON u.id = json_extract(p.arguments, "$[0]")'.
         $sWhere
     );
     $rows = DB::query(
-        'SELECT *
+        'SELECT p.*
             FROM '.prefixTable('processes').' AS p 
             LEFT JOIN '.prefixTable('users').' AS u ON u.id = json_extract(p.arguments, "$[0]")'.
             $sWhere.
@@ -951,14 +951,14 @@
 
     DB::debugmode(false);
     $iTotal = DB::queryFirstField(
-        'SELECT COUNT(increment_id)
+        'SELECT COUNT(p.increment_id)
             FROM '.prefixTable('processes').' AS p 
             LEFT JOIN '.prefixTable('users').' AS u ON u.id = json_extract(p.arguments, "$[0]")'.
             $sWhere
     );
 
     $rows = DB::query(
-        'SELECT *
+        'SELECT p.*
             FROM '.prefixTable('processes').' AS p 
             LEFT JOIN '.prefixTable('users').' AS u ON u.id = json_extract(p.arguments, "$[0]")'.
             $sWhere.