WIP: Fix XSS vulnerability in support tickets

Celestora 2021-11-17 21:39:22 +02:00
parent b1fbb7560c
commit 373513cabc
5 changed files with 12 additions and 7 deletions


@ -11,9 +11,10 @@ use Nette\Database\Table\Selection;
class Ticket extends RowModel class Ticket extends RowModel
{ {
protected $tableName = "tickets"; protected $tableName = "tickets";
private $overrideContentColumn = "text";
function getId(): int function getId(): int
{ {
return $this->getRecord()->id; return $this->getRecord()->id;
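Review bot: The new `private $overrideContentColumn = "text";` is read from outside this class, in `TRichText::getText()` via `$this->overrideContentColumn`, and a private property is only reachable there if Ticket itself `use`s the trait. If the trait is composed into the parent RowModel instead, the read runs in RowModel's scope and raises "Cannot access private property", while `property_exists()` in the trait still answers true, so the escaping path would abort rather than fall back. Declaring it `protected $overrideContentColumn = "text";` is correct for either layout; the same applies to the identical line added to TicketComment in the next file. The class body continues outside the hunk, so how TRichText is brought in is not visible here.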


@ -13,6 +13,8 @@ class TicketComment extends RowModel
{ {
protected $tableName = "tickets_comments"; protected $tableName = "tickets_comments";
private $overrideContentColumn = "text";
private function getSupportAlias(): ?SupportAlias private function getSupportAlias(): ?SupportAlias
{ {
return (new SupportAliases)->get($this->getUser()->getId()); return (new SupportAliases)->get($this->getUser()->getId());


@ -49,8 +49,10 @@ trait TRichText
function getText(bool $html = true): string function getText(bool $html = true): string
{ {
$text = htmlentities($this->getRecord()->content, ENT_DISALLOWED | ENT_XHTML); $contentColumn = property_exists($this, "overrideContentColumn") ? $this->overrideContentColumn : "content";
$proc = iconv_strlen($this->getRecord()->content) <= OPENVK_ROOT_CONF["openvk"]["preferences"]["wall"]["postSizes"]["processingLimit"];
$text = htmlentities($this->getRecord()->{$contentColumn}, ENT_DISALLOWED | ENT_XHTML);
$proc = iconv_strlen($this->getRecord()->{$contentColumn}) <= OPENVK_ROOT_CONF["openvk"]["preferences"]["wall"]["postSizes"]["processingLimit"];
if($html) { if($html) {
if($proc) { if($proc) {
$rel = $this->isAd() ? "sponsored" : "ugc"; $rel = $this->isAd() ? "sponsored" : "ugc";
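Review bot: The `htmlentities()` call on the new `$text` line passes `ENT_DISALLOWED | ENT_XHTML`, a flag set with no quote bits, so `"` and `'` are left unencoded; that is harmless while the result stays in element content, but the `$html` branch that follows appears to wrap this text in further markup, so `ENT_QUOTES | ENT_DISALLOWED | ENT_XHTML` would be the safer default now that ticket text flows through here. The flags are pre-existing, but this commit makes the function the single escaping point for support tickets. The column value is also fetched twice; `$content = $this->getRecord()->{$contentColumn};` once and using it in both the `htmlentities()` and `iconv_strlen()` calls avoids the second record access. getText()'s body continues past the hunk.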


@ -15,7 +15,7 @@
<br></b>Автор: <a href="/id{$ticket->getUser()->getId()}">{$ticket->getUser()->getFullName()}</a> | {$ticket->getUser()->getRegistrationIP()} | Статус: {$ticket->getStatus()} <br></b>Автор: <a href="/id{$ticket->getUser()->getId()}">{$ticket->getUser()->getFullName()}</a> | {$ticket->getUser()->getRegistrationIP()} | Статус: {$ticket->getStatus()}
</div> </div>
<div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;"> <div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
{$ticket->getContext()|noescape} {$ticket->getText()|noescape}
<br></br> <br></br>
</div> </div>
<div style="padding-top: 5px;"> <div style="padding-top: 5px;">
@ -82,7 +82,7 @@
{/if} {/if}
<div class="post-content" id="{$comment->getId()}"> <div class="post-content" id="{$comment->getId()}">
<div class="text" id="text{$comment->getId()}"> <div class="text" id="text{$comment->getId()}">
{$comment->getContext()|noescape} {$comment->getText()|noescape}
</div> </div>
{if $comment->getUType() === 0} {if $comment->getUType() === 0}
<div class="post-menu"> <div class="post-menu">
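Review bot: Both replacements keep `|noescape`, so Latte's contextual escaping stays disabled and the entity encoding inside `getText()` is now the only thing separating raw ticket text from the page; that is intentional because `getText()` returns markup, but nothing at the call site records it. A template comment next to each call, `{* getText() returns entity-encoded text; |noescape is safe only while TRichText::getText() escapes *}`, makes the dependency visible to the next person who edits either side. The same applies to the two hunks of the next file.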


@ -16,7 +16,7 @@
<br></b>Статус: {$ticket->getStatus()} <br></b>Статус: {$ticket->getStatus()}
</div> </div>
<div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;"> <div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
{$ticket->getContext()|noescape} {$ticket->getText()|noescape}
<br></br> <br></br>
</div> </div>
<div style="padding-top: 5px;"> <div style="padding-top: 5px;">
@ -74,7 +74,7 @@
{/if} {/if}
<div class="post-content" id="{$comment->getId()}"> <div class="post-content" id="{$comment->getId()}">
<div class="text" id="text{$comment->getId()}"> <div class="text" id="text{$comment->getId()}">
{$comment->getContext()|noescape} {$comment->getText()|noescape}
</div> </div>
{if $comment->getUType() === 0} {if $comment->getUType() === 0}
<div class="post-menu"> <div class="post-menu">