WIP: Fix XSS vulnerability in support tickets
This commit is contained in:
parent
b1fbb7560c
commit
373513cabc
5 changed files with 12 additions and 7 deletions
|
@ -11,8 +11,9 @@ use Nette\Database\Table\Selection;
|
||||||
|
|
||||||
class Ticket extends RowModel
|
class Ticket extends RowModel
|
||||||
{
|
{
|
||||||
|
|
||||||
protected $tableName = "tickets";
|
protected $tableName = "tickets";
|
||||||
|
|
||||||
|
private $overrideContentColumn = "text";
|
||||||
|
|
||||||
function getId(): int
|
function getId(): int
|
||||||
{
|
{
|
||||||
|
|
|
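Review bot: The added `private $overrideContentColumn = "text";` is a hook that TRichText::getText() reads through `$this->overrideContentColumn`, and a private property is only reachable that way if the trait is composed into Ticket itself; should TRichText be used by RowModel instead (the `use` line is not in this hunk), `property_exists()` still returns true but the read throws "Cannot access private property". Declaring it `protected string $overrideContentColumn = "text";` removes the dependency on where the trait is mixed in, and a doc line such as `/** Column TRichText::getText() renders instead of the default "content". */` explains why a property nothing in this class references exists at all. Confirm which class composes the trait before relying on private here.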
@ -13,6 +13,8 @@ class TicketComment extends RowModel
|
||||||
{
|
{
|
||||||
protected $tableName = "tickets_comments";
|
protected $tableName = "tickets_comments";
|
||||||
|
|
||||||
|
private $overrideContentColumn = "text";
|
||||||
|
|
||||||
private function getSupportAlias(): ?SupportAlias
|
private function getSupportAlias(): ?SupportAlias
|
||||||
{
|
{
|
||||||
return (new SupportAliases)->get($this->getUser()->getId());
|
return (new SupportAliases)->get($this->getUser()->getId());
|
||||||
|
|
|
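Review bot: Switching comments to getText() means the trait hunk's `$rel = $this->isAd() ? "sponsored" : "ugc";` now runs for every comment whose body is under the processing limit, so TicketComment must implement isAd() (not visible in this hunk) or rendering throws instead of escaping. The new `private $overrideContentColumn = "text";` should also carry a short comment, since nothing in this class reads it: `/** Read by TRichText::getText(); this table stores the body in "text", not "content". */`, and `protected string` rather than `private` keeps the trait's `$this->` access working regardless of which class composes it. The rest of TicketComment lies outside this hunk, so verify isAd() there.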
@ -49,8 +49,10 @@ trait TRichText
|
||||||
|
|
||||||
function getText(bool $html = true): string
|
function getText(bool $html = true): string
|
||||||
{
|
{
|
||||||
$text = htmlentities($this->getRecord()->content, ENT_DISALLOWED | ENT_XHTML);
|
$contentColumn = property_exists($this, "overrideContentColumn") ? $this->overrideContentColumn : "content";
|
||||||
$proc = iconv_strlen($this->getRecord()->content) <= OPENVK_ROOT_CONF["openvk"]["preferences"]["wall"]["postSizes"]["processingLimit"];
|
|
||||||
|
$text = htmlentities($this->getRecord()->{$contentColumn}, ENT_DISALLOWED | ENT_XHTML);
|
||||||
|
$proc = iconv_strlen($this->getRecord()->{$contentColumn}) <= OPENVK_ROOT_CONF["openvk"]["preferences"]["wall"]["postSizes"]["processingLimit"];
|
||||||
if($html) {
|
if($html) {
|
||||||
if($proc) {
|
if($proc) {
|
||||||
$rel = $this->isAd() ? "sponsored" : "ugc";
|
$rel = $this->isAd() ? "sponsored" : "ugc";
|
||||||
|
|
|
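Review bot: The htmlentities() call on the new `$contentColumn` read passes only `ENT_DISALLOWED | ENT_XHTML`, which leaves quote handling at ENT_NOQUOTES and omits ENT_SUBSTITUTE: `"` and `'` reach the output unencoded, and a body containing an invalid UTF-8 sequence makes htmlentities() return an empty string, so that ticket renders blank. That is acceptable only while the text stays in element content; the link markup built further down (`$rel` is visible, the remainder of getText() runs past this hunk) must never interpolate it into an attribute. Reading the column once and widening the flags covers both: `$raw = $this->getRecord()->{$contentColumn};`, then `$text = htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_DISALLOWED | ENT_XHTML, "UTF-8");` and `$proc = iconv_strlen($raw) <= OPENVK_ROOT_CONF[...]["processingLimit"];`. Note also that `property_exists()` is true for a private property declared in the using class while the subsequent `$this->` read succeeds only from that class's scope, so this works only if the trait is composed directly into Ticket and TicketComment.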
@ -15,7 +15,7 @@
|
||||||
<br></b>Автор: <a href="/id{$ticket->getUser()->getId()}">{$ticket->getUser()->getFullName()}</a> | {$ticket->getUser()->getRegistrationIP()} | Статус: {$ticket->getStatus()}
|
<br></b>Автор: <a href="/id{$ticket->getUser()->getId()}">{$ticket->getUser()->getFullName()}</a> | {$ticket->getUser()->getRegistrationIP()} | Статус: {$ticket->getStatus()}
|
||||||
</div>
|
</div>
|
||||||
<div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
|
<div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
|
||||||
{$ticket->getContext()|noescape}
|
{$ticket->getText()|noescape}
|
||||||
<br></br>
|
<br></br>
|
||||||
</div>
|
</div>
|
||||||
<div style="padding-top: 5px;">
|
<div style="padding-top: 5px;">
|
||||||
|
@ -82,7 +82,7 @@
|
||||||
{/if}
|
{/if}
|
||||||
<div class="post-content" id="{$comment->getId()}">
|
<div class="post-content" id="{$comment->getId()}">
|
||||||
<div class="text" id="text{$comment->getId()}">
|
<div class="text" id="text{$comment->getId()}">
|
||||||
{$comment->getContext()|noescape}
|
{$comment->getText()|noescape}
|
||||||
</div>
|
</div>
|
||||||
{if $comment->getUType() === 0}
|
{if $comment->getUType() === 0}
|
||||||
<div class="post-menu">
|
<div class="post-menu">
|
||||||
|
|
|
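Review bot: `{$ticket->getText()|noescape}` and `{$comment->getText()|noescape}` are safe only because getText() HTML-encodes the body before adding link markup, and nothing in the template records that, so the next edit can regress it exactly as `getContext()|noescape` did. A one-line comment above each call makes the contract visible: `{* getText() is escaped server-side; noescape is deliberate, never substitute getContext() here *}`. If `getContext()` still exists on Ticket/TicketComment after this commit (not visible here), any other template calling it with `|noescape` carries the same XSS, so grep for it before the WIP is closed. Latte's auto-escaping already covers the neighbouring `{$ticket->getUser()->getFullName()}`; only the `|noescape` outputs need this justification.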
@ -16,7 +16,7 @@
|
||||||
<br></b>Статус: {$ticket->getStatus()}
|
<br></b>Статус: {$ticket->getStatus()}
|
||||||
</div>
|
</div>
|
||||||
<div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
|
<div class="text" style="padding-top: 10px;border-bottom: #ECECEC solid 1px;">
|
||||||
{$ticket->getContext()|noescape}
|
{$ticket->getText()|noescape}
|
||||||
<br></br>
|
<br></br>
|
||||||
</div>
|
</div>
|
||||||
<div style="padding-top: 5px;">
|
<div style="padding-top: 5px;">
|
||||||
|
@ -74,7 +74,7 @@
|
||||||
{/if}
|
{/if}
|
||||||
<div class="post-content" id="{$comment->getId()}">
|
<div class="post-content" id="{$comment->getId()}">
|
||||||
<div class="text" id="text{$comment->getId()}">
|
<div class="text" id="text{$comment->getId()}">
|
||||||
{$comment->getContext()|noescape}
|
{$comment->getText()|noescape}
|
||||||
</div>
|
</div>
|
||||||
{if $comment->getUType() === 0}
|
{if $comment->getUType() === 0}
|
||||||
<div class="post-menu">
|
<div class="post-menu">
|
||||||
|
|
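Review bot: The new `{$ticket->getText()|noescape}` and `{$comment->getText()|noescape}` outputs depend on htmlentities() in TRichText, which per the trait hunk runs without ENT_QUOTES, so the returned HTML is safe as element content but not inside an attribute value or a `<script>` block; both calls sit as text nodes in `<div class="text">` today, which is fine. Record that constraint so the markup is not later reused in a `title="…"` or `data-` attribute: `{* getText() output is element-content-safe HTML only (quotes unencoded); keep it as a text node *}`. The comment loop enclosing the second hunk begins outside this section.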