Commit 8e876d99f42d9f4edc378200d60afc7ffe4de393

Authored by conradverm
1 parent 7fc58982

KTS-2178

"cross site scripting"
Implemented.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@7006 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 19 additions and 8 deletions
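--- a/plugins/rssplugin/KTrss.inc.php
+++ b/plugins/rssplugin/KTrss.inc.php
@@ -186,7 +186,7 @@ class KTrss{
 if ($aDocumentList) {
 foreach($aDocumentList as $documentElement){
 $document_id = $documentElement['id'];
-$aDocumentTransactions = array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id));
+$aDocumentTransactions = kt_array_merge($aDocumentTransactions, KTrss::getDocumentTransactions($document_id));
 }
 }
 if ($aDocumentTransactions){
@@ -220,8 +220,8 @@ class KTrss{
 // get information for folder
 function getOneFolder($iFolderId){
 $aFData = KTrss::getFolderData($iFolderId);
-$aFTransactions = array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId));
-$aFTransactions = array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId));
+$aFTransactions = kt_array_merge(KTrss::getChildrenFolderTransactions($iFolderId), KTrss::getFolderTransactions($iFolderId));
+$aFTransactions = kt_array_merge($aFTransactions, KTrss::getChildrenDocumentTransactions($iFolderId));
 
 $code = 'if (strtotime($a[datetime]) == strtotime($b[datetime])){
 return 0;
@@ -255,6 +255,17 @@ class KTrss{
 }
 }
 
+function rss_sanitize($str, $do_amp=true)
+{
+
+$result = str_replace("\\\"","\"",str_replace('\\\'','\'',htmlentities($str,ENT_NOQUOTES, 'UTF-8')));
+if ($do_amp)
+{
+$result = str_replace('&','&',$result);
+}
+return $result;
+}
+
 // Takes in an array as a parameter and returns rss2.0 compatible xml
 function arrayToXML($aItems){
 // Build path to host
@@ -282,7 +293,7 @@ class KTrss{
 $sTypeSelect = 'document.transactionhistory&fDocumentId';
 }
 $feed .= "<item>\n" .
-"<title>".htmlentities($aItems[0][0][name],ENT_QUOTES, 'UTF-8')."</title>\n" .
+"<title>".KTrss::rss_sanitize($aItems[0][0][name],false)."</title>\n" .
 "<link>".$hostPath."action.php?kt_path_info=ktcore.actions.".$sTypeSelect."=".$aItems[0][0]['id']."</link>\n" .
 "<description>\n" .
 "&lt;table border='0' width='90%'&gt;\n".
@@ -298,7 +309,7 @@ class KTrss{
 "&lt;hr&gt;\n".
 "&lt;table width='95%'&gt;\n".
 "&lt;tr&gt;\n".
-"&lt;td&gt;Filename: ".str_replace('&','&amp;',htmlentities($aItems[0][0][filename],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
+"&lt;td&gt;Filename: ".KTrss::rss_sanitize($aItems[0][0][filename] )."&lt;/td&gt;\n".
 "&lt;td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
@@ -326,11 +337,11 @@ class KTrss{
 foreach($aItems[1] as $item){
 $feed .= "&lt;tr&gt;\n".
 "&lt;td&gt;".$item[type]." name:&lt;/td&gt;\n".
-"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[name],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
+"&lt;td&gt;".KTrss::rss_sanitize($item[name] )."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Path:&lt;/td&gt;\n".
-"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[fullpath],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
+"&lt;td&gt;".KTrss::rss_sanitize($item[fullpath] )."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Transaction:&lt;/td&gt;\n".
@@ -338,7 +349,7 @@ class KTrss{
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n".
 "&lt;td&gt;Comment:&lt;/td&gt;\n".
-"&lt;td&gt;".str_replace('&','&amp;',htmlentities($item[comment],ENT_QUOTES, 'UTF-8'))."&lt;/td&gt;\n".
+"&lt;td&gt;".KTrss::rss_sanitize($item[comment] )."&lt;/td&gt;\n".
 "&lt;/tr&gt;\n".
 "&lt;tr&gt;\n";if($item[version]){
 $feed .= "&lt;td&gt;Version:&lt;/td&gt;\n".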
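Review bot: In `rss_sanitize` (hunk `@@ -255,6 +255,17 @@`), the `$do_amp` branch reads `$result = str_replace('&','&',$result);`, which as rendered replaces `&` with itself and changes nothing, whereas the call sites it replaces did `str_replace('&','&amp;', ...)` to encode the already-entity-encoded text a second time before embedding it in the HTML-escaped body of `<description>`. If the source really reads `'&'` → `'&'` (the page may have decoded an `&amp;`), the `&lt;`/`&gt;` produced by `htmlentities` arrive at the feed reader as literal `<`/`>` once the XML layer is decoded, so markup in `filename`, `name`, `fullpath` and `comment` is interpreted instead of displayed — the very issue KTS-2178 is meant to close — and the line should be `$result = str_replace('&', '&amp;', $result);`. The method is only ever invoked as `KTrss::rss_sanitize(...)`, so declaring it `static` would match its use. A short docblock would also help: state that the result is entity-encoded for XML text content (quotes left as-is, backslash-escaped quotes unescaped) and that `$do_amp` additionally encodes `&` once more for text placed inside the HTML-escaped `<description>` body, which is why the `<title>` caller passes `false`.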