Security - Fix XSS attack vector in user profile - reported by Javier Bloem

ywarnier · ywarnier · commit a22589a9b909 · 2014-05-06T19:24:04.000-05:00
diff --git a/main/auth/profile.php b/main/auth/profile.php
@@ -143,6 +143,7 @@ function show_icon_edit(element_html) {
 }
 $form->applyFilter(array('lastname', 'firstname'), 'stripslashes');
 $form->applyFilter(array('lastname', 'firstname'), 'trim');
+$form->applyFilter(array('lastname', 'firstname'), 'html_filter');
 $form->addRule('lastname' , get_lang('ThisFieldIsRequired'), 'required');
 $form->addRule('firstname', get_lang('ThisFieldIsRequired'), 'required');
 
@@ -165,6 +166,7 @@ function show_icon_edit(element_html) {
     }
     $form->applyFilter('official_code', 'stripslashes');
     $form->applyFilter('official_code', 'trim');
+    $form->applyFilter('official_code', 'html_filter');
     if (api_get_setting('registration', 'officialcode') == 'true' && api_get_setting('profile', 'officialcode') == 'true') {
         $form->addRule('official_code', get_lang('ThisFieldIsRequired'), 'required');
     }
@@ -202,6 +204,7 @@ function show_icon_edit(element_html) {
 }
 $form->applyFilter('phone', 'stripslashes');
 $form->applyFilter('phone', 'trim');
+$form->applyFilter('phone', 'html_filter');
 /*if (api_get_setting('registration', 'phone') == 'true') {
     $form->addRule('phone', get_lang('ThisFieldIsRequired'), 'required');
 }
diff --git a/main/inc/lib/usermanager.lib.php b/main/inc/lib/usermanager.lib.php
@@ -4323,6 +4323,7 @@ static function set_extra_fields_in_form($form, $extra_data, $form_name, $admin_
                     $form->addElement('text', 'extra_'.$field_details[1], $field_details[3], array('size' => 40));
                     $form->applyFilter('extra_'.$field_details[1], 'stripslashes');
                     $form->applyFilter('extra_'.$field_details[1], 'trim');
+                    $form->applyFilter('extra_'.$field_details[1], 'html_filter');
 
                     if (!$admin_permissions) {
                         if ($field_details[7] == 0)

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,7 @@ function show_icon_edit(element_html) {`
`143`	`143`	`}`
`144`	`144`	`$form->applyFilter(array('lastname', 'firstname'), 'stripslashes');`
`145`	`145`	`$form->applyFilter(array('lastname', 'firstname'), 'trim');`
	`146`	`+$form->applyFilter(array('lastname', 'firstname'), 'html_filter');`
`146`	`147`	`$form->addRule('lastname' , get_lang('ThisFieldIsRequired'), 'required');`
`147`	`148`	`$form->addRule('firstname', get_lang('ThisFieldIsRequired'), 'required');`
`148`	`149`
`@@ -165,6 +166,7 @@ function show_icon_edit(element_html) {`
`165`	`166`	`}`
`166`	`167`	`$form->applyFilter('official_code', 'stripslashes');`
`167`	`168`	`$form->applyFilter('official_code', 'trim');`
	`169`	`+ $form->applyFilter('official_code', 'html_filter');`
`168`	`170`	`if (api_get_setting('registration', 'officialcode') == 'true' && api_get_setting('profile', 'officialcode') == 'true') {`
`169`	`171`	`$form->addRule('official_code', get_lang('ThisFieldIsRequired'), 'required');`
`170`	`172`	`}`
`@@ -202,6 +204,7 @@ function show_icon_edit(element_html) {`
`202`	`204`	`}`
`203`	`205`	`$form->applyFilter('phone', 'stripslashes');`
`204`	`206`	`$form->applyFilter('phone', 'trim');`
	`207`	`+$form->applyFilter('phone', 'html_filter');`
`205`	`208`	`/*if (api_get_setting('registration', 'phone') == 'true') {`
`206`	`209`	`$form->addRule('phone', get_lang('ThisFieldIsRequired'), 'required');`
`207`	`210`	`}`