WIP: Fix XSS vulnerability in support tickets

2024-09-21 08:36:17 +03:00 · 2021-11-17 21:39:22 +02:00 · 2021-11-17 21:39:22 +02:00 · 373513cabc
commit 373513cabc
parent b1fbb7560c
5 changed files with 12 additions and 7 deletions
--- a/Web/Models/Entities/Ticket.php
+++ b/Web/Models/Entities/Ticket.php
@ -11,8 +11,9 @@ use Nette\Database\Table\Selection;

 class Ticket extends RowModel
 {
-    
    protected $tableName = "tickets";
+    
+    private $overrideContentColumn = "text";

    function getId(): int
    {
--- a/Web/Models/Entities/TicketComment.php
+++ b/Web/Models/Entities/TicketComment.php
@ -13,6 +13,8 @@ class TicketComment extends RowModel
 {
    protected $tableName = "tickets_comments";
    
+    private $overrideContentColumn = "text";
+    
    private function getSupportAlias(): ?SupportAlias
    {
        return (new SupportAliases)->get($this->getUser()->getId());
--- a/Web/Models/Entities/Traits/TRichText.php
+++ b/Web/Models/Entities/Traits/TRichText.php
@ -49,8 +49,10 @@ trait TRichText
    
    function getText(bool $html = true): string
    {
-        $text = htmlentities($this->getRecord()->content, ENT_DISALLOWED | ENT_XHTML);
-        $proc = iconv_strlen($this->getRecord()->content) <= OPENVK_ROOT_CONF["openvk"]["preferences"]["wall"]["postSizes"]["processingLimit"];
+        $contentColumn = property_exists($this, "overrideContentColumn") ? $this->overrideContentColumn : "content";
+        
+        $text = htmlentities($this->getRecord()->{$contentColumn}, ENT_DISALLOWED | ENT_XHTML);
+        $proc = iconv_strlen($this->getRecord()->{$contentColumn}) <= OPENVK_ROOT_CONF["openvk"]["preferences"]["wall"]["postSizes"]["processingLimit"];
        if($html) {
            if($proc) {
                $rel  = $this->isAd() ? "sponsored" : "ugc";
--- a/Web/Presenters/templates/Support/AnswerTicket.xml
+++ b/Web/Presenters/templates/Support/AnswerTicket.xml
@ -15,7 +15,7 @@
    <br></b>Автор: <a href="/id{$ticket->getUser()->getId()}">{$ticket->getUser()->getFullName()}</a> | {$ticket->getUser()->getRegistrationIP()} | Статус: {$ticket->getStatus()}
 </div>
 <div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
-    {$ticket->getContext()|noescape}
+    {$ticket->getText()|noescape}
    <br></br>
 </div>
 <div style="padding-top: 5px;">
@ -82,7 +82,7 @@
            {/if}
            <div class="post-content" id="{$comment->getId()}">
               <div class="text" id="text{$comment->getId()}">
-                      {$comment->getContext()|noescape}
+                      {$comment->getText()|noescape}
               </div>
               {if $comment->getUType() === 0}
               <div class="post-menu">
--- a/Web/Presenters/templates/Support/View.xml
+++ b/Web/Presenters/templates/Support/View.xml
@ -16,7 +16,7 @@
    <br></b>Статус: {$ticket->getStatus()}
 </div>
 <div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
-    {$ticket->getContext()|noescape}
+    {$ticket->getText()|noescape}
    <br></br>
 </div>
 <div style="padding-top: 5px;">
@ -74,7 +74,7 @@
            {/if}
            <div class="post-content" id="{$comment->getId()}">
               <div class="text" id="text{$comment->getId()}">
-                      {$comment->getContext()|noescape}
+                      {$comment->getText()|noescape}
               </div>
               {if $comment->getUType() === 0}
               <div class="post-menu">