
Fix: [Bug #232] Multiple Cross-Site-Scripting vulnerabilities

Regis Houssin
2011-11-08 17:11:30 +01:00


@@ -83,8 +83,9 @@ function test_sql_and_script_inject($val, $get)
$sql_inj += preg_match('/(\.\.%2f)+/i', $val); $sql_inj += preg_match('/(\.\.%2f)+/i', $val);
// For XSS Injection done by adding javascript with script // For XSS Injection done by adding javascript with script
$sql_inj += preg_match('/<script/i', $val); $sql_inj += preg_match('/<script/i', $val);
$sql_inj += preg_match('/img[\s]src/i', $val); $sql_inj += preg_match('/img[\s]+src/i', $val);
$sql_inj += preg_match('/base[\s]href/i', $val); $sql_inj += preg_match('/base[\s]+href/i', $val);
$sql_inj += preg_match('/style([\s]+)?=/i', $val);
if ($get) $sql_inj += preg_match('/javascript:/i', $val); if ($get) $sql_inj += preg_match('/javascript:/i', $val);
// For XSS Injection done by adding javascript with onmousemove, etc... (closing a src or href tag with not cleaned param) // For XSS Injection done by adding javascript with onmousemove, etc... (closing a src or href tag with not cleaned param)
if ($get) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value if ($get) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
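Review bot: The tightened `img[\s]+src` / `base[\s]+href` patterns and the new `style([\s]+)?=` check still match only a fixed list of attribute spellings, so a value that puts an event-handler attribute on any tag (`onerror=`, `onload=`, `onfocus=`, ...) or separates the tag name from its attribute with `/` rather than whitespace is not counted by this filter at all. Since `$val` is matched as-is, a generic handler test next to the `<script` line, `$sql_inj += preg_match('/<[^>]*\son[a-z]+\s*=/i', $val);`, would close the widest remaining gap, bearing in mind that this blacklist is defence in depth and the values must still be escaped with htmlspecialchars() wherever they are rendered. The new `style` pattern also fires on any parameter whose text contains the substring `style=` (e.g. `lifestyle=`), so free-text fields will see false positives; `\bstyle\s*=` would narrow it to the attribute form. The rest of test_sql_and_script_inject() lies outside this hunk.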
@@ -374,7 +375,7 @@ if (! defined('NOLOGIN'))
// If error, we will put error message in session under the name dol_loginmesg // If error, we will put error message in session under the name dol_loginmesg
$goontestloop=false; $goontestloop=false;
if (isset($_SERVER["REMOTE_USER"]) && in_array('http',$authmode)) $goontestloop=true; if (isset($_SERVER["REMOTE_USER"]) && in_array('http',$authmode)) $goontestloop=true;
if (isset($_POST["username"]) || ! empty($_COOKIE['login_dolibarr']) || GETPOST('openid_mode','alpha',1)) $goontestloop=true; if (GETPOST("username","alpha",2) || ! empty($_COOKIE['login_dolibarr']) || GETPOST('openid_mode','alpha',1)) $goontestloop=true;
if ($test && $goontestloop) if ($test && $goontestloop)
{ {
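Review bot: Replacing `isset($_POST["username"])` with a truthiness test on `GETPOST("username","alpha",2)` changes when the authentication loop is entered: a posted username that the 'alpha' check rejects (presumably returned as an empty string) or the literal login `0` now skips the loop entirely, so no ErrorBadLoginPassword message is set and the USER_LOGIN_FAILED trigger further down never runs for that attempt. If the goal is only to stop reading `$_POST` directly, keeping the presence test separate from the sanitised value preserves the failed-login audit trail: `if (isset($_POST["username"]) || ! empty($_COOKIE['login_dolibarr']) || GETPOST('openid_mode','alpha',1)) $goontestloop=true;`. The `login_dolibarr` cookie is still read raw, which is acceptable here because it is only tested for emptiness. The enclosing `if (! defined('NOLOGIN'))` block starts before and continues after this hunk.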
@@ -406,13 +407,13 @@ if (! defined('NOLOGIN'))
$langs->load('errors'); $langs->load('errors');
// Bad password. No authmode has found a good password. // Bad password. No authmode has found a good password.
$user->trigger_mesg=$langs->trans("ErrorBadLoginPassword").' - login='.$_POST["username"]; $user->trigger_mesg=$langs->trans("ErrorBadLoginPassword").' - login='.GETPOST("username","alpha",2);
$_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword"); $_SESSION["dol_loginmesg"]=$langs->trans("ErrorBadLoginPassword");
// Appel des triggers // Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php"); include_once(DOL_DOCUMENT_ROOT . "/core/class/interfaces.class.php");
$interface=new Interfaces($db); $interface=new Interfaces($db);
$result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,$_POST["entity"]); $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,GETPOST("username","alpha",2));
if ($result < 0) { $error++; } if ($result < 0) { $error++; }
// Fin appel triggers // Fin appel triggers
} }
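Review bot: The last argument to `run_triggers('USER_LOGIN_FAILED', ...)` changed from `$_POST["entity"]` to `GETPOST("username","alpha",2)`, so the trigger now receives the login name in the position that previously carried the entity; unless run_triggers() (outside this hunk) was changed to expect a username there, this looks like a copy-paste slip and should read `GETPOST("entity","alpha",2)` (or GETPOST's integer check type if one exists, since entity is an id). The login name embedded in `$user->trigger_mesg` two lines above is sanitised only by GETPOST's 'alpha' check, whose behaviour is not visible here and should not be assumed to HTML-encode, so any code that later renders trigger_mesg in a page must still pass it through htmlspecialchars(). The enclosing `if (! defined('NOLOGIN'))` block extends past both ends of this hunk.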