Added some more protection against possible XSS attacks

thorsten · thorsten · commit 30b0025e19bd · 2017-09-14T21:10:24.000+02:00
diff --git a/phpmyfaq/admin/configuration.php b/phpmyfaq/admin/configuration.php
@@ -46,7 +46,12 @@
         // Set the new values
         $forbiddenValues = ['{', '}', '$'];
         $newConfigValues = [];
-        $escapeValues = ['main.contactInformations', 'main.customPdfHeader', 'main.customPdfFooter'];
+        $escapeValues = [
+            'main.contactInformations',
+            'main.customPdfHeader',
+            'main.customPdfFooter',
+            'main.titleFAQ'
+        ];
 
         // Special checks
         if (isset($editData['edit']['main.enableMarkdownEditor'])) {
@@ -58,7 +63,7 @@
             $newConfigValues[$key] = str_replace($forbiddenValues, '', $value);
             // Escape some values
             if (isset($escapeValues[$key])) {
-                $newConfigValues[$key] = PMF_String::htmlspecialchars($value, ENT_HTML5);
+                $newConfigValues[$key] = PMF_String::htmlspecialchars($value, ENT_QUOTES);
             }
             $keyArray = array_values(explode('.', $key));
             $newConfigClass = array_shift($keyArray);
diff --git a/phpmyfaq/inc/PMF/Faq.php b/phpmyfaq/inc/PMF/Faq.php
@@ -1602,7 +1602,7 @@ public function getRecordTitle($id)
 
         if ($this->_config->getDb()->numRows($result) > 0) {
             while ($row = $this->_config->getDb()->fetchObject($result)) {
-                $question = $row->question;
+                $question = PMF_String::htmlspecialchars($row->question);
             }
         } else {
             $question = $this->pmf_lang['no_cats'];
diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php
@@ -479,11 +479,11 @@
 
 $tplMainPage = array(
     'msgLoginUser' => $user->isLoggedIn() ? $user->getUserData('display_name') : $PMF_LANG['msgLoginUser'],
-    'title' => $faqConfig->get('main.titleFAQ').$title,
+    'title' => PMF_String::htmlspecialchars($faqConfig->get('main.titleFAQ').$title),
     'baseHref' => $faqSystem->getSystemUri($faqConfig),
     'version' => $faqConfig->get('main.currentVersion'),
-    'header' => str_replace('"', '', $faqConfig->get('main.titleFAQ')),
-    'metaTitle' => str_replace('"', '', $faqConfig->get('main.titleFAQ').$title),
+    'header' => PMF_String::htmlspecialchars(str_replace('"', '', $faqConfig->get('main.titleFAQ'))),
+    'metaTitle' => PMF_String::htmlspecialchars(str_replace('"', '', $faqConfig->get('main.titleFAQ').$title)),
     'metaDescription' => $metaDescription,
     'metaKeywords' => $keywords,
     'metaPublisher' => $faqConfig->get('main.metaPublisher'),
diff --git a/phpmyfaq/main.php b/phpmyfaq/main.php
@@ -77,6 +77,6 @@
     'index',
     'breadcrumb',
     [
-        'breadcrumbHeadline' => $faqConfig->get('main.titleFAQ')
+        'breadcrumbHeadline' => PMF_String::htmlspecialchars($faqConfig->get('main.titleFAQ'))
     ]
 );

Original file line number	Diff line number	Diff line change
`@@ -1602,7 +1602,7 @@ public function getRecordTitle($id)`
`1602`	`1602`
`1603`	`1603`	`if ($this->_config->getDb()->numRows($result) > 0) {`
`1604`	`1604`	`while ($row = $this->_config->getDb()->fetchObject($result)) {`
`1605`		`- $question = $row->question;`
	`1605`	`+ $question = PMF_String::htmlspecialchars($row->question);`
`1606`	`1606`	`}`
`1607`	`1607`	`} else {`
`1608`	`1608`	`$question = $this->pmf_lang['no_cats'];`
Original file line number	Diff line number	Diff line change
`@@ -77,6 +77,6 @@`
`77`	`77`	`'index',`
`78`	`78`	`'breadcrumb',`
`79`	`79`	`[`
`80`		`- 'breadcrumbHeadline' => $faqConfig->get('main.titleFAQ')`
	`80`	`+ 'breadcrumbHeadline' => PMF_String::htmlspecialchars($faqConfig->get('main.titleFAQ'))`
`81`	`81`	`]`
`82`	`82`	`);`