Commit 8e876d99f42d9f4edc378200d60afc7ffe4de393

Authored by conradverm
1 parent 7fc58982

KTS-2178

"cross site scripting"
Implemented.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7006 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 19 additions and 8 deletions
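--- a/plugins/rssplugin/KTrss.inc.php
+++ b/plugins/rssplugin/KTrss.inc.php
@@ -186,7 +186,7 @@ class KTrss{
 if ($aDocumentList) {
 foreach($aDocumentList as $documentElement){
 $document_id = $documentElement['id'];
-$aDocumentTransactions = array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id));
+$aDocumentTransactions = kt_array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id));
 }
 }
 if ($aDocumentTransactions){
@@ -220,8 +220,8 @@ class KTrss{
 // get information for folder
 function getOneFolder($iFolderId){
 $aFData = KTrss::getFolderData($iFolderId);
-$aFTransactions = array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId));
-$aFTransactions = array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId));
+$aFTransactions = kt_array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId));
+$aFTransactions = kt_array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId));
 
 $code = 'if (strtotime($a[datetime]) == strtotime($b[datetime])){
 return 0;
@@ -255,6 +255,17 @@ class KTrss{
 }
 }
 
+function rss_sanitize($str, $do_amp=true)
+{
+
+$result = str_replace("\\\"","\"",str_replace('\\\'','\'',htmlentities($str,ENT_NOQUOTES, 'UTF-8')));
+if ($do_amp)
+{
+$result = str_replace('&','&',$result);
+}
+return $result;
+}
+
 // Takes in an array as a parameter and returns rss2.0 compatible xml
 function arrayToXML($aItems){
 // Build path to host
@@ -282,7 +293,7 @@ class KTrss{
 $sTypeSelect = 'document.transactionhistory&fDocumentId';
 }
 $feed .= "<item>\n" .
-"<title>".htmlentities($aItems[0][0][name],ENT_QUOTES, 'UTF-8')."</title>\n" .
+"<title>".KTrss::rss_sanitize($aItems[0][0][name],false)."</title>\n" .
 "<link>".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0]['id']."</link>\n" .
 "<description>\n" .
 "&lt;table border='0' width='90%'&gt;\n".
@@ -298,7 +309,7 @@ class KTrss{
 "&lt;hr&gt;\n".
 "&lt;table width='95%'&gt;\n".
 "&lt;tr&gt;\n".
-"&lt;td&gt;Filename: ".str_replace('&','&amp;',htmlentities($aItems[0][0][filename],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
+"&lt;td&gt;Filename: ".KTrss::rss_sanitize($aItems[0][0][filename] )."&lt;/td&gt;\n".
 "&lt;td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
@@ -326,11 +337,11 @@ class KTrss{
 foreach($aItems[1] as $item){
 $feed .= "&lt;tr&gt;\n".
 "&lt;td&gt;".$item[type]." name:&lt;/td&gt;\n".
-"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[name],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
+"&lt;td&gt;".KTrss::rss_sanitize($item[name] )."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Path:&lt;/td&gt;\n".
-"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[fullpath],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
+"&lt;td&gt;".KTrss::rss_sanitize($item[fullpath] )."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Transaction:&lt;/td&gt;\n".
@@ -338,7 +349,7 @@ class KTrss{
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Comment:&lt;/td&gt;\n".
-"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[comment],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
+"&lt;td&gt;".KTrss::rss_sanitize($item[comment] )."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n";if($item[version]){
 $feed .= "&lt;td&gt;Version:&lt;/td&gt;\n".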
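Review bot: `$result = str_replace('&','&',$result);` in the new `rss_sanitize` (new line 264) replaces `&` with itself, so when `$do_amp` is true the function returns the `htmlentities()` output unchanged, whereas the lines it replaces (old 301, 329, 333, 341) replaced `&` with `&amp;`, which is what keeps text inside the entity-escaped `<description>` HTML escaped after the feed reader's XML parser decodes it once. As written, `htmlentities()` turns a `<` in a filename, name, path or comment into `&lt;`, the XML layer decodes that back to `<`, and the reader renders it as markup — the cross-site-scripting case named in the commit title is still reachable for those four fields (unless the page rendering collapsed `&amp;` to `&` on this one line, which seems unlikely since old line 301 still shows `&amp;` intact). The intended statement is presumably `$result = str_replace('&', '&amp;', $result);`, and a regression test that feeds a value containing `<`, `&` and `"` through `arrayToXML` and checks the emitted description would pin it. The `<title>` call at new line 296 passes `false` and sits in plain XML element content, so it is unaffected; `arrayToXML`, which holds the other four calls, continues outside the shown hunks. A short docblock on `rss_sanitize` stating that `$do_amp` selects the double-encoded form required inside `<description>` would also let the next reader see why the two call forms differ.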