Bug #9011: Fix XSS

slusarz     2010-08-24 18:31:34 UTC

  Modified files:        (Branch: FRAMEWORK_3)
    docs                 CHANGES
    .                    view.php
  Log:
  Bug: 9191
  Submitted by: nightmare.lmw@anarchynet.org
  Fix CSS vulnerability when viewing file data.

  Revision    Changes    Path
  1.114.2.58  +2 -0      gollem/docs/CHANGES
  1.51.2.7    +3 -5      gollem/view.php

diff --git a/gollem/docs/CHANGES b/gollem/docs/CHANGES
index a79d2e5..5dbc782 100644 (file)
--- a/gollem/docs/CHANGES
+++ b/gollem/docs/CHANGES
@@ -10,6 +10,8 @@ v1.1.2-cvs
 ----------
 
 [jan] Add Japanese translation (Hiromi Kimura <hiromi@tac.tsukuba.ac.jp>).
+[mms] SECURITY: Fix CSS vulnerability when viewing file data (found by
+      nightmare.lmw@anarchynet.org).
 
 
 ------

diff --git a/gollem/view.php b/gollem/view.php
index 75f6098..38bc9f0 100644 (file)
--- a/gollem/view.php
+++ b/gollem/view.php
@@ -30,20 +30,15 @@ if ($driver != $GLOBALS['gollem_be']['driver']) {
 
 $stream = null;
 $data = '';
-if (is_callable(array($GLOBALS['gollem_vfs'], 'readStream'))) {
-    $stream = $GLOBALS['gollem_vfs']->readStream($filedir, $filename);
-    if (is_a($stream, 'PEAR_Error')) {
-        Horde::logMessage($stream, 'NOTICE');
-        printf(_("Access denied to %s"), $filename);
-        exit;
-    }
-} else {
-    $data = $GLOBALS['gollem_vfs']->read($filedir, $filename);
-    if (is_a($data, 'PEAR_Error')) {
-        Horde::logMessage($data, 'NOTICE');
-        printf(_("Access denied to %s"), $filename);
-        exit;
+try {
+    if (is_callable(array($gollem_vfs, 'readStream'))) {
+        $stream = $gollem_vfs->readStream($filedir, $filename);
+    } else {
+        $data = $gollem_vfs->read($filedir, $filename);
     }
+} catch (VFS_Exception $e) {
+    Horde::logMessage($e, 'NOTICE');
+    throw $e;
 }
 
 /* Run through action handlers. */