Filter conf_group, subgroup, and sub_group parameters (potential XSS, reported by Aung Khant, YGN Ethical Hacker Group) geeklog_1_7_1_1
authorDirk Haun <dirk@haun-online.de>
Sun, 02 Jan 2011 10:10:28 +0100
branchgeeklog_1_7_1_1
changeset 803320a98e6bab20
parent 8001 be281d9fa515
child 8034 8d1c260d9873
Filter conf_group, subgroup, and sub_group parameters (potential XSS, reported by Aung Khant, YGN Ethical Hacker Group)
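--- a/public_html/admin/configuration.php	Sun Oct 31 09:43:15 2010 +0100
+++ b/public_html/admin/configuration.php	Sun Jan 02 10:10:28 2011 +0100
@@ -128,7 +128,7 @@
 $display = '';
 
 $conf_group = array_key_exists('conf_group', $_POST)
-            ? $_POST['conf_group'] : 'Core';
+            ? COM_applyFilter($_POST['conf_group']) : 'Core';
 $config =& config::get_instance();
 
 if (array_key_exists('set_action', $_POST) && SEC_checkToken()){
@@ -139,8 +139,9 @@
             $config->unset_param($_POST['name'], $conf_group);
         }
     }
-    $display = $config->get_ui($conf_group, array_key_exists('subgroup', $_POST)
-                                            ?  $_POST['subgroup'] : null);
+    $subgroup = array_key_exists('subgroup', $_POST)
+              ? COM_applyFilter($_POST['subgroup']) : null;
+    $display = $config->get_ui($conf_group, $subgroup);
 } elseif (array_key_exists('form_submit', $_POST) && SEC_checkToken()) {
     $result = null;
     if (! array_key_exists('form_reset', $_POST)) {
@@ -151,10 +152,13 @@
             PLG_configChange($conf_group, array_keys($result));
         }
     }
-    $display = $config->get_ui($conf_group, $_POST['sub_group'], $result);
+    $sub_group = array_key_exists('sub_group', $_POST)
+               ? COM_applyFilter($_POST['sub_group']) : '0';
+    $display = $config->get_ui($conf_group, $sub_group, $result);
 } else {
-    $display = $config->get_ui($conf_group, array_key_exists('subgroup', $_POST)
-                                            ?  $_POST['subgroup'] : null);
+    $subgroup = array_key_exists('subgroup', $_POST)
+              ? COM_applyFilter($_POST['subgroup']) : null;
+    $display = $config->get_ui($conf_group, $subgroup);
 }
 
 COM_output($display);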
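Review bot: The three new `subgroup`/`sub_group` reads call `COM_applyFilter()` in its generic string mode, although the `'0'` default in the form_submit branch suggests these values are integer ids. If that holds, the numeric mode is the tighter constraint, e.g. `? COM_applyFilter($_POST['sub_group'], true) : '0';`, and likewise for both `subgroup` reads. `$conf_group` would be better checked against the groups the config object actually knows than filtered by character stripping. The markup is built inside `get_ui()`, which is not visible here, so these values should also be HTML-escaped at that point rather than relying on every caller to filter first. Separately, the context line `$config->unset_param($_POST['name'], $conf_group);` still passes a raw POST value; it sits behind `SEC_checkToken()`, but it is worth confirming that `unset_param()` handles the name safely.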