
[Web] Fix XSS in app password names

andryyy 4 years ago
parent
commit
423ccb9ba9
2 changed files with 6 additions and 4 deletions
  1. 5 4
      data/web/inc/functions.app_passwd.inc.php
  2. 1 0
      data/web/js/site/user.js

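--- a/data/web/inc/functions.app_passwd.inc.php
+++ b/data/web/inc/functions.app_passwd.inc.php
@@ -23,9 +23,9 @@ function app_passwd($_action, $_data = null) {
   }
   switch ($_action) {
     case 'add':
-      $app_name = trim($_data['app_name']);
-      $password     = $_data['app_passwd'];
-      $password2    = $_data['app_passwd2'];
+      $app_name = htmlspecialchars(trim($_data['app_name']));
+      $password = $_data['app_passwd'];
+      $password2 = $_data['app_passwd2'];
       $active = intval($_data['active']);
       $domain = mailbox('get', 'mailbox_details', $username)['domain'];
       if (empty($domain)) {
@@ -94,7 +94,7 @@ function app_passwd($_action, $_data = null) {
           );
           continue;
         }
-        $app_name = trim($app_name);
+        $app_name = htmlspecialchars(trim($app_name));
         if (!empty($password) && !empty($password2)) {
           if (!preg_match('/' . $GLOBALS['PASSWD_REGEP'] . '/', $password)) {
             $_SESSION['return'][] = array(
@@ -198,6 +198,7 @@ function app_passwd($_action, $_data = null) {
         $app_passwd_data = array();
         return false;
       }
+      $app_passwd_data['name'] = htmlspecialchars(trim($app_passwd_data['name']));
       return $app_passwd_data;
     break;
   }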
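Review bot: The name is HTML-encoded up to three times by this commit: on the write paths in the first two hunks (`add`, and the `$app_name` assignment at line 97), again on the read path at line 201, and once more in user.js through `escapeHtml`, so, assuming the write-path value is what gets stored, a name containing `&` or `<` would be shown with literal entities. Encoding only on output is the safer contract: keep `$app_name = trim($_data['app_name']);` on the write paths and rely on the single encode on read, which also covers rows stored before this fix. On that remaining call pass explicit flags, `htmlspecialchars(trim($app_passwd_data['name']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because on PHP before 8.1 the default flags leave single quotes unescaped. The body of app_passwd() continues outside all three hunks, so the storage statements are not visible here.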

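--- a/data/web/js/site/user.js
+++ b/data/web/js/site/user.js
@@ -177,6 +177,7 @@ jQuery(function($){
         },
         success: function (data) {
           $.each(data, function (i, item) {
+            item.name = escapeHtml(item.name);
             if (acl_data.app_passwds === 1) {
               item.action = '<div class="btn-group">' +
                 '<a href="/edit/app-passwd/' + item.id + '" class="btn btn-xs btn-default"><span class="glyphicon glyphicon-pencil"></span> ' + lang.edit + '</a>' +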
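Review bot: `item.id` is still concatenated raw into the `href` two lines below the new `escapeHtml` call, so the row markup depends on the endpoint always returning a plain integer there. That is probably true for a database id, but nothing in this hunk guarantees it; coercing it once next to the new line, `item.id = parseInt(item.id, 10);`, would make the markup safe regardless of what the response contains. The success callback continues past the end of the hunk, so other fields interpolated further down deserve the same check.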