Add urlencode to protect origin and cidReq

jmontoyaa · jmontoyaa · commit a669ca3204f5 · 2021-04-21T14:07:08.000+02:00
diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php
@@ -2198,8 +2198,8 @@ function api_get_cidreq_params($courseCode, $sessionId = 0, $groupId = 0)
 function api_get_cidreq($addSessionId = true, $addGroupId = true, $origin = '')
 {
     $courseCode = api_get_course_id();
-    $url = empty($courseCode) ? '' : 'cidReq='.htmlspecialchars($courseCode);
-    $origin = empty($origin) ? api_get_origin() : Security::remove_XSS($origin);
+    $url = empty($courseCode) ? '' : 'cidReq='.urlencode(htmlspecialchars($courseCode));
+    $origin = empty($origin) ? api_get_origin() : urlencode(Security::remove_XSS($origin));
 
     if ($addSessionId) {
         if (!empty($url)) {
@@ -8840,7 +8840,7 @@ function convert_double_quote_to_single($in_text)
  */
 function api_get_origin()
 {
-    return isset($_REQUEST['origin']) ? Security::remove_XSS($_REQUEST['origin']) : '';
+    return isset($_REQUEST['origin']) ? urlencode(Security::remove_XSS(urlencode($_REQUEST['origin']))) : '';
 }
 
 /**

Original file line number	Diff line number	Diff line change
`@@ -2198,8 +2198,8 @@ function api_get_cidreq_params($courseCode, $sessionId = 0, $groupId = 0)`
`2198`	`2198`	`function api_get_cidreq($addSessionId = true, $addGroupId = true, $origin = '')`
`2199`	`2199`	`{`
`2200`	`2200`	`$courseCode = api_get_course_id();`
`2201`		`- $url = empty($courseCode) ? '' : 'cidReq='.htmlspecialchars($courseCode);`
`2202`		`- $origin = empty($origin) ? api_get_origin() : Security::remove_XSS($origin);`
	`2201`	`+ $url = empty($courseCode) ? '' : 'cidReq='.urlencode(htmlspecialchars($courseCode));`
	`2202`	`+ $origin = empty($origin) ? api_get_origin() : urlencode(Security::remove_XSS($origin));`
`2203`	`2203`
`2204`	`2204`	`if ($addSessionId) {`
`2205`	`2205`	`if (!empty($url)) {`
`@@ -8840,7 +8840,7 @@ function convert_double_quote_to_single($in_text)`
`8840`	`8840`	`*/`
`8841`	`8841`	`function api_get_origin()`
`8842`	`8842`	`{`
`8843`		`- return isset($_REQUEST['origin']) ? Security::remove_XSS($_REQUEST['origin']) : '';`
	`8843`	`+ return isset($_REQUEST['origin']) ? urlencode(Security::remove_XSS(urlencode($_REQUEST['origin']))) : '';`
`8844`	`8844`	`}`
`8845`	`8845`
`8846`	`8846`	`/**`