mirror of
https://github.com/openvk/openvk
synced 2024-12-23 00:51:03 +03:00
WIP: Fix XSS vulnerability in support tickets
This commit is contained in:
parent
b1fbb7560c
commit
373513cabc
5 changed files with 12 additions and 7 deletions
|
@ -11,8 +11,9 @@ use Nette\Database\Table\Selection;
|
|||
|
||||
class Ticket extends RowModel
|
||||
{
|
||||
|
||||
protected $tableName = "tickets";
|
||||
|
||||
private $overrideContentColumn = "text";
|
||||
|
||||
function getId(): int
|
||||
{
|
||||
|
|
|
@ -13,6 +13,8 @@ class TicketComment extends RowModel
|
|||
{
|
||||
protected $tableName = "tickets_comments";
|
||||
|
||||
private $overrideContentColumn = "text";
|
||||
|
||||
private function getSupportAlias(): ?SupportAlias
|
||||
{
|
||||
return (new SupportAliases)->get($this->getUser()->getId());
|
||||
|
|
|
@ -49,8 +49,10 @@ trait TRichText
|
|||
|
||||
function getText(bool $html = true): string
|
||||
{
|
||||
$text = htmlentities($this->getRecord()->content, ENT_DISALLOWED | ENT_XHTML);
|
||||
$proc = iconv_strlen($this->getRecord()->content) <= OPENVK_ROOT_CONF["openvk"]["preferences"]["wall"]["postSizes"]["processingLimit"];
|
||||
$contentColumn = property_exists($this, "overrideContentColumn") ? $this->overrideContentColumn : "content";
|
||||
|
||||
$text = htmlentities($this->getRecord()->{$contentColumn}, ENT_DISALLOWED | ENT_XHTML);
|
||||
$proc = iconv_strlen($this->getRecord()->{$contentColumn}) <= OPENVK_ROOT_CONF["openvk"]["preferences"]["wall"]["postSizes"]["processingLimit"];
|
||||
if($html) {
|
||||
if($proc) {
|
||||
$rel = $this->isAd() ? "sponsored" : "ugc";
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
<br></b>Автор: <a href="/id{$ticket->getUser()->getId()}">{$ticket->getUser()->getFullName()}</a> | {$ticket->getUser()->getRegistrationIP()} | Статус: {$ticket->getStatus()}
|
||||
</div>
|
||||
<div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
|
||||
{$ticket->getContext()|noescape}
|
||||
{$ticket->getText()|noescape}
|
||||
<br></br>
|
||||
</div>
|
||||
<div style="padding-top: 5px;">
|
||||
|
@ -82,7 +82,7 @@
|
|||
{/if}
|
||||
<div class="post-content" id="{$comment->getId()}">
|
||||
<div class="text" id="text{$comment->getId()}">
|
||||
{$comment->getContext()|noescape}
|
||||
{$comment->getText()|noescape}
|
||||
</div>
|
||||
{if $comment->getUType() === 0}
|
||||
<div class="post-menu">
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
<br></b>Статус: {$ticket->getStatus()}
|
||||
</div>
|
||||
<div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
|
||||
{$ticket->getContext()|noescape}
|
||||
{$ticket->getText()|noescape}
|
||||
<br></br>
|
||||
</div>
|
||||
<div style="padding-top: 5px;">
|
||||
|
@ -74,7 +74,7 @@
|
|||
{/if}
|
||||
<div class="post-content" id="{$comment->getId()}">
|
||||
<div class="text" id="text{$comment->getId()}">
|
||||
{$comment->getContext()|noescape}
|
||||
{$comment->getText()|noescape}
|
||||
</div>
|
||||
{if $comment->getUType() === 0}
|
||||
<div class="post-menu">
|
||||
|
|
Loading…
Reference in a new issue