lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix: A reflected cross-site scripting vulnerability can be exploited to execute arbitrary JavaScript

Browse Source
This commit is contained in:
Regis Houssin 2011-04-26 21:06:45 +00:00
parent 09786cabeb
commit 19dc20c512
12 changed files with 39 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/admin/menus/menu.js.php
View File

@ -49,8 +49,8 @@ else header('Cache-Control: no-cache');
// On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
$langs->load("main",0,0);
?>

19
htdocs/document.php
View File

@ -32,12 +32,7 @@
define('NOTOKENRENEWAL',1); // Disables token renewal
// Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
$encoding = '';
$action = isset($_GET["action"])?$_GET["action"]:'';
$original_file = isset($_GET["file"])?$_GET["file"]:'';
$modulepart = isset($_GET["modulepart"])?$_GET["modulepart"]:'';
$urlsource = isset($_GET["urlsource"])?$_GET["urlsource"]:'';
$modulepart = (!empty($_GET['modulepart'])?$_GET['modulepart']:'');
// Pour autre que bittorrent, on charge environnement + info issus de logon (comme le user)
if (($modulepart == 'bittorrent') && ! defined("NOLOGIN"))
@ -61,9 +56,15 @@ function llxHeader() { }
require("./main.inc.php"); // Load $user and permissions
require_once(DOL_DOCUMENT_ROOT.'/lib/files.lib.php');
// Do not use urldecode here ($_GET and $_REQUEST are already decoded by PHP).
$encoding = '';
$action = GETPOST('action');
$original_file = GETPOST('file');
$urlsource = GETPOST('urlsource');
// Define mime type
$type = 'application/octet-stream';
if (! empty($_GET["type"])) $type=$_GET["type"];
if (GETPOST('type')) $type=GETPOST('type');
else $type=dol_mimetype($original_file);
//print 'X'.$type.'-'.$original_file;exit;
@ -478,7 +479,7 @@ if (preg_match('/\.\./',$original_file) || preg_match('/[<>|]/',$original_file))
{
dol_syslog("Refused to deliver file ".$original_file);
// Do no show plain path in shown error message
dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$_GET["file"]));
dol_print_error(0,$langs->trans("ErrorFileNameInvalid",$original_file));
exit;
}
@ -493,7 +494,7 @@ if ($action == 'remove_file') // Remove a file
$original_file_osencoded=dol_osencode($original_file); // New file name encoded in OS encoding charset
if (! file_exists($original_file_osencoded))
{
dol_print_error(0,$langs->trans("ErrorFileDoesNotExists",$_GET["file"]));
dol_print_error(0,$langs->trans("ErrorFileDoesNotExists",$original_file));
exit;
}

10
htdocs/externalsite/frames.php
View File

@ -36,11 +36,11 @@ if (empty($conf->global->EXTERNALSITE_URL))
llxFooter('$Date$ - $Revision$');
}
$mainmenu=isset($_GET["mainmenu"])?$_GET["mainmenu"]:"";
$leftmenu=isset($_GET["leftmenu"])?$_GET["leftmenu"]:"";
$idmenu=isset($_GET["idmenu"])?$_GET["idmenu"]:"";
$theme=isset($_GET["theme"])?$_GET["theme"]:"";
$codelang=isset($_GET["lang"])?$_GET["lang"]:"";
$mainmenu=GETPOST('mainmenu');
$leftmenu=GETPOST('leftmenu');
$idmenu=GETPOST('idmenu');
$theme=GETPOST('theme');
$codelang=GETPOST('lang');
print "
<html>

4
htdocs/lib/datepicker.php
View File

@ -39,7 +39,7 @@ if (! defined('NOREQUIREHTML')) define('NOREQUIREHTML',1);
require_once("../main.inc.php");
if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL by the main.inc.php
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL by the main.inc.php
$langs->load("main");
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
$left=($langs->trans("DIRECTION")=='rtl'?'right':'left');
@ -53,7 +53,7 @@ $left=($langs->trans("DIRECTION")=='rtl'?'right':'left');
print '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">'."\n";
print '<html>'."\n";
print '<head>'."\n";
if (isset($_GET["mode"]) && $_GET["mode"] == 'test')
if (GETPOST('mode') && GETPOST('mode') == 'test')
{
print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/lib/lib_head.js"></script>'."\n";
}

2
htdocs/lib/security.lib.php
View File

@ -90,7 +90,7 @@ function dol_loginfunction($langs,$conf,$mysoc)
global $dolibarr_main_demo,$db;
global $smartphone;
$langcode=(empty($_GET["lang"])?((is_object($langs)&&$langs->defaultlang)?$langs->defaultlang:'auto'):$_GET["lang"]);
$langcode=(GETPOST('lang')?((is_object($langs)&&$langs->defaultlang)?$langs->defaultlang:'auto'):GETPOST('lang'));
$langs->setDefaultLang($langcode);
$langs->load("main");

17
htdocs/main.inc.php
View File

@ -261,8 +261,7 @@ if (! empty($conf->global->MAIN_SECURITY_CSRF)) // Check validity of token, only
}
// Disable modules (this must be after session_start and after conf has been loaded)
if (! empty($_GET["disablemodules"])) $_SESSION["disablemodules"]=$_GET["disablemodules"];
if (! empty($_POST["disablemodules"])) $_SESSION["disablemodules"]=$_POST["disablemodules"];
if (GETPOST('disablemodules')) $_SESSION["disablemodules"]=GETPOST('disablemodules');
if (! empty($_SESSION["disablemodules"]))
{
$disabled_modules=explode(',',$_SESSION["disablemodules"]);
@ -369,7 +368,7 @@ if (! defined('NOLOGIN'))
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
$interface=new Interfaces($db);
$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,$_POST["entity"]);
$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,GETPOST('entity'));
if ($result < 0) { $error++; }
// Fin appel triggers
}
@ -664,7 +663,7 @@ if (! defined('NOLOGIN'))
$conf->css = "/theme/".$conf->theme."/style.css.php";
}
// Set javascript option
if (empty($_GET["nojs"])) // If javascript was not disabled on URL
if (! GETPOST('nojs')) // If javascript was not disabled on URL
{
if (! empty($user->conf->MAIN_DISABLE_JAVASCRIPT))
{
@ -677,7 +676,7 @@ if (! defined('NOLOGIN'))
if (! defined('NOREQUIRETRAN'))
{
if (empty($_GET["lang"])) // If language was not forced on URL
if (! GETPOST('lang')) // If language was not forced on URL
{
// If user has chosen its own language
if (! empty($user->conf->MAIN_LANG_DEFAULT))
@ -692,7 +691,7 @@ if (! defined('NOREQUIRETRAN'))
}
else // If language was forced on URL
{
$langs->setDefaultLang($_GET["lang"]);
$langs->setDefaultLang(GETPOST('lang'));
}
}
@ -887,13 +886,13 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
// Output style sheets (optioncss='print' or '')
$themepath=dol_buildpath((empty($conf->global->MAIN_FORCETHEMEDIR)?'':$conf->global->MAIN_FORCETHEMEDIR).$conf->css,1);
//print 'themepath='.$themepath;exit;
print '<link rel="stylesheet" type="text/css" title="default" href="'.$themepath.'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(! empty($_GET["optioncss"])?'&optioncss='.$_GET["optioncss"]:'').'">'."\n";
print '<link rel="stylesheet" type="text/css" title="default" href="'.$themepath.'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss'):'').'">'."\n";
// CSS forced by modules (relative url starting with /)
if (is_array($conf->css_modules))
{
foreach($conf->css_modules as $cssfile)
{ // cssfile is an absolute path
print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1).'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(! empty($_GET["optioncss"])?'&optioncss='.$_GET["optioncss"]:'').'">'."\n";
print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1).'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss'):'').'">'."\n";
}
}
// CSS forced by page in top_htmlhead call (relative url starting with /)
@ -901,7 +900,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
{
foreach($arrayofcss as $cssfile)
{
print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1).'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(! empty($_GET["optioncss"])?'&optioncss='.$_GET["optioncss"]:'').'">'."\n";
print '<link rel="stylesheet" type="text/css" title="default" href="'.dol_buildpath($cssfile,1).'?lang='.$langs->defaultlang.'&theme='.$conf->theme.(GETPOST('optioncss')?'&optioncss='.GETPOST('optioncss'):'').'">'."\n";
}
}

2
htdocs/support/inc.php
View File

@ -146,7 +146,7 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* removed in PHP6
// Defini objet langs
$langs = new Translate('..',$conf);
if (isset($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]);
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang'));
else $langs->setDefaultLang('auto');
$bc[false]=' class="bg1"';

4
htdocs/theme/auguria/style.css.php
View File

@ -50,8 +50,8 @@ else header('Cache-Control: no-cache');
// On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
$langs->load("main",0,1);
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
$left=($langs->trans("DIRECTION")=='rtl'?'right':'left');

4
htdocs/theme/bureau2crea/style.css.php
View File

@ -49,8 +49,8 @@ else header('Cache-Control: no-cache');
// On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
$langs->load("main",0,1);
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
$left=($langs->trans("DIRECTION")=='rtl'?'right':'left');

4
htdocs/theme/eldy/style.css.php
View File

@ -50,8 +50,8 @@ else header('Cache-Control: no-cache');
// On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
$langs->load("main",0,1);
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
$left=($langs->trans("DIRECTION")=='rtl'?'right':'left');

4
htdocs/theme/freelug/style.css.php
View File

@ -49,8 +49,8 @@ else header('Cache-Control: no-cache');
// On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
$langs->load("main",0,1);
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
$left=($langs->trans("DIRECTION")=='rtl'?'right':'left');

4
htdocs/theme/yellow/style.css.php
View File

@ -49,8 +49,8 @@ else header('Cache-Control: no-cache');
// On the fly GZIP compression for all pages (if browser support it). Must set the bit 3 of constant to 1.
if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x04)) { ob_start("ob_gzhandler"); }
if (! empty($_GET["lang"])) $langs->setDefaultLang($_GET["lang"]); // If language was forced on URL
if (! empty($_GET["theme"])) $conf->theme=$_GET["theme"]; // If theme was forced on URL
if (GETPOST('lang')) $langs->setDefaultLang(GETPOST('lang')); // If language was forced on URL
if (GETPOST('theme')) $conf->theme=GETPOST('theme'); // If theme was forced on URL
$langs->load("main",0,1);
$right=($langs->trans("DIRECTION")=='rtl'?'left':'right');
$left=($langs->trans("DIRECTION")=='rtl'?'right':'left');