Fix several vulnerabilities (#13927)

* Escape HTML in the location field of a calendar event post

- This allowed script tags to be interpreted in the post display of an event.

* Add form security token check to /admin/phpinfo module

- This prevents basic XSS attacks against /admin/phpinfo

* Add form security token check to /babel module

- This prevents basic XSS attacks against /babel

* Prevent pass-through for attachments

- This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload

* Prevent overwriting cid on event edit

- This allowed sharing an event as any other user after zeroing the cid field of an existing event
Hypolite Petovan 2024-02-22 00:53:52 -05:00 committed by GitHub
parent fc3898fe64
commit 5c5d7eb04f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 26 additions and 27 deletions


@ -43,10 +43,11 @@ class Babel extends BaseModule
}
$results = [];
if (!empty($_REQUEST['text'])) {
switch (($_REQUEST['type'] ?? '') ?: 'bbcode') {
if (!empty($request['text'])) {
self::checkFormSecurityTokenForbiddenOnError('babel');
switch (($request['type'] ?? '') ?: 'bbcode') {
case 'bbcode':
$bbcode = $_REQUEST['text'];
$bbcode = $request['text'];
$results[] = [
'title' => DI::l10n()->t('Source input'),
'content' => visible_whitespace($bbcode)
@ -136,7 +137,7 @@ class Babel extends BaseModule
];
break;
case 'diaspora':
$diaspora = trim($_REQUEST['text']);
$diaspora = trim($request['text']);
$results[] = [
'title' => DI::l10n()->t('Source input (Diaspora format)'),
'content' => visible_whitespace($diaspora),
@ -144,7 +145,7 @@ class Babel extends BaseModule
$markdown = XML::unescape($diaspora);
case 'markdown':
$markdown = $markdown ?? trim($_REQUEST['text']);
$markdown = $markdown ?? trim($request['text']);
$results[] = [
'title' => DI::l10n()->t('Source input (Markdown)'),
@ -169,7 +170,7 @@ class Babel extends BaseModule
];
break;
case 'html' :
$html = trim($_REQUEST['text']);
$html = trim($request['text']);
$results[] = [
'title' => DI::l10n()->t('Raw HTML input'),
'content' => visible_whitespace($html),
@ -239,7 +240,7 @@ class Babel extends BaseModule
];
break;
case 'twitter':
$json = trim($_REQUEST['text']);
$json = trim($request['text']);
if (file_exists('addon/twitter/twitter.php')) {
require_once 'addon/twitter/twitter.php';
@ -302,13 +303,14 @@ class Babel extends BaseModule
$tpl = Renderer::getMarkupTemplate('babel.tpl');
$o = Renderer::replaceMacros($tpl, [
'$title' => DI::l10n()->t('Babel Diagnostic'),
'$text' => ['text', DI::l10n()->t('Source text'), $_REQUEST['text'] ?? '', ''],
'$type_bbcode' => ['type', DI::l10n()->t('BBCode'), 'bbcode', '', (($_REQUEST['type'] ?? '') ?: 'bbcode') == 'bbcode'],
'$type_diaspora' => ['type', DI::l10n()->t('Diaspora'), 'diaspora', '', (($_REQUEST['type'] ?? '') ?: 'bbcode') == 'diaspora'],
'$type_markdown' => ['type', DI::l10n()->t('Markdown'), 'markdown', '', (($_REQUEST['type'] ?? '') ?: 'bbcode') == 'markdown'],
'$type_html' => ['type', DI::l10n()->t('HTML'), 'html', '', (($_REQUEST['type'] ?? '') ?: 'bbcode') == 'html'],
'$form_security_token' => self::getFormSecurityToken('babel'),
'$text' => ['text', DI::l10n()->t('Source text'), $request['text'] ?? '', ''],
'$type_bbcode' => ['type', DI::l10n()->t('BBCode'), 'bbcode', '', (($request['type'] ?? '') ?: 'bbcode') == 'bbcode'],
'$type_diaspora' => ['type', DI::l10n()->t('Diaspora'), 'diaspora', '', (($request['type'] ?? '') ?: 'bbcode') == 'diaspora'],
'$type_markdown' => ['type', DI::l10n()->t('Markdown'), 'markdown', '', (($request['type'] ?? '') ?: 'bbcode') == 'markdown'],
'$type_html' => ['type', DI::l10n()->t('HTML'), 'html', '', (($request['type'] ?? '') ?: 'bbcode') == 'html'],
'$flag_twitter' => file_exists('addon/twitter/twitter.php'),
'$type_twitter' => ['type', DI::l10n()->t('Twitter Source / Tweet URL (requires API key)'), 'twitter', '', (($_REQUEST['type'] ?? '') ?: 'bbcode') == 'twitter'],
'$type_twitter' => ['type', DI::l10n()->t('Twitter Source / Tweet URL (requires API key)'), 'twitter', '', (($request['type'] ?? '') ?: 'bbcode') == 'twitter'],
'$results' => $results,
'$submit' => DI::l10n()->t('Submit'),
]);
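Review bot: The `checkFormSecurityTokenForbiddenOnError('babel')` call added in the first hunk guards only the conversion branch inside `if (!empty($request['text']))`, while this last hunk still passes `$request['text'] ?? ''` and the `type` comparisons into `Renderer::replaceMacros()` on every request, and that call appears to sit outside the guarded block (its enclosing `content()` method starts and ends outside these hunks, so this is inferred from the line numbers). Whether a crafted link can still reflect attacker-chosen text into the page therefore depends on babel.tpl escaping the `$text` field value, which this diff does not show; it is worth confirming that in the template rather than relying on the token. A short comment above the token check would also help the next reader understand its scope, e.g. `// Token is only required when a conversion is requested; the empty form renders without it.` The hunks at `@ -136`, `@ -144`, `@ -169` and `@ -239` only rename `$_REQUEST` to `$request` and raise no separate point.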