lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #13125 from 418sec/develop

Browse Source 
dolibarr - Cross-site Scripting (XSS) - Fix:
This commit is contained in:
Laurent Destailleur 2020-02-18 22:29:53 +01:00 committed by GitHub
commit 2069438115
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
htdocs/comm/action/card.php
View File

@ -840,7 +840,7 @@ if ($action == 'create')
print '<input type="hidden" name="token" value="'.newToken().'">';
print '<input type="hidden" name="action" value="add">';
print '<input type="hidden" name="donotclearsession" value="1">';
if ($backtopage) print '<input type="hidden" name="backtopage" value="'.($backtopage != '1' ? $backtopage : $_SERVER["HTTP_REFERER"]).'">';
if ($backtopage) print '<input type="hidden" name="backtopage" value="'.($backtopage != '1' ? $backtopage : htmlentities($_SERVER["HTTP_REFERER"])).'">';
if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) print '<input type="hidden" name="actioncode" value="'.dol_getIdFromCode($db, 'AC_OTH', 'c_actioncomm').'">';
if (GETPOST("actioncode", 'aZ09') == 'AC_RDV') print load_fiche_titre($langs->trans("AddActionRendezVous"), '', 'title_agenda');
@ -1249,7 +1249,7 @@ if ($id > 0)
print '<input type="hidden" name="action" value="update">';
print '<input type="hidden" name="id" value="'.$id.'">';
print '<input type="hidden" name="ref_ext" value="'.$object->ref_ext.'">';
if ($backtopage) print '<input type="hidden" name="backtopage" value="'.($backtopage != '1' ? $backtopage : $_SERVER["HTTP_REFERER"]).'">';
if ($backtopage) print '<input type="hidden" name="backtopage" value="'.($backtopage != '1' ? $backtopage : htmlentities($_SERVER["HTTP_REFERER"])).'">';
if (empty($conf->global->AGENDA_USE_EVENT_TYPE)) print '<input type="hidden" name="actioncode" value="'.$object->type_code.'">';
dol_fiche_head($head, 'card', $langs->trans("Action"), 0, 'action');

1
htdocs/filefunc.inc.php
View File

@ -165,7 +165,6 @@ if (! defined('NOCSRFCHECK') && empty($dolibarr_nocsrfcheck))
if ($csrfattack)
{
//print 'NOCSRFCHECK='.defined('NOCSRFCHECK').' REQUEST_METHOD='.$_SERVER['REQUEST_METHOD'].' HTTP_HOST='.$_SERVER['HTTP_HOST'].' HTTP_REFERER='.$_SERVER['HTTP_REFERER'];
// Note: We can't use dol_escape_htmltag here to escape output because lib functions.lib.ph is not yet loaded.
print "Access refused by CSRF protection in main.inc.php. Referer of form (".htmlentities($_SERVER['HTTP_REFERER'], ENT_COMPAT, 'UTF-8').") is outside the server that serve this page (with method = ".htmlentities($_SERVER['REQUEST_METHOD'], ENT_COMPAT, 'UTF-8').").\n";
print "If you access your server behind a proxy using url rewriting, you might check that all HTTP headers are propagated (or add the line \$dolibarr_nocsrfcheck=1 into your conf.php file to remove this security check).\n";

2
htdocs/public/error-401.php
View File

@ -21,7 +21,7 @@
Sorry. You are not allowed to access this resource.
<br>
<?php print isset($_SERVER["HTTP_REFERER"])?'You come from '.$_SERVER["HTTP_REFERER"].'.':''; ?>
<?php print isset($_SERVER["HTTP_REFERER"])?'You come from '.htmlentities($_SERVER["HTTP_REFERER"]).'.':''; ?>
<hr>

2
htdocs/public/error-404.php
View File

@ -21,7 +21,7 @@
You requested a website or a page that does not exists.
<br>
<?php print isset($_SERVER["HTTP_REFERER"])?'You come from '.$_SERVER["HTTP_REFERER"].'.':''; ?>
<?php print isset($_SERVER["HTTP_REFERER"])?'You come from '.htmlentities($_SERVER["HTTP_REFERER"]).'.':''; ?>
<hr>