projects / horde.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1c801ba)
Bug #9240: properly escape elements in dimp.
authorMichael M Slusarz <slusarz@curecanti.org>
Wed, 8 Sep 2010 05:58:21 +0000 (23:58 -0600)
committerMichael M Slusarz <slusarz@curecanti.org>
Wed, 8 Sep 2010 16:52:08 +0000 (10:52 -0600)
Escape mailbox label since it is directly inserted into page in the
message list title bar.
Escape growler message because it may include user submitted input.

imp/docs/CHANGES patch | blob | history
imp/js/dimpcore.js patch | blob | history
imp/lib/Views/ListMessages.php patch | blob | history

diff --git a/imp/docs/CHANGES b/imp/docs/CHANGES
index 8bb6244..6aec7d4 100644 (file)
--- a/imp/docs/CHANGES
+++ b/imp/docs/CHANGES
@@ -2471,6 +2471,8 @@ OLD DIMP CHANGELOG
 v1.1.5-cvs
 ----------
 
+[mms] SECURITY: XSS - Make sure mailbox name displayed on mailbox page is
+      properly encoded (Bug #9240).
 [jan] Fix notices with certain output buffer configurations
       (Valentin.Vidic@CARNet.hr, Bug #7851).
 [mms] Turn DNS prefetching off when displaying untrusted message content
diff --git a/imp/js/dimpcore.js b/imp/js/dimpcore.js
index 67c7056..c16e9d3 100644 (file)
--- a/imp/js/dimpcore.js
+++ b/imp/js/dimpcore.js
@@ -242,7 +242,7 @@ var DimpCore = {
             case 'horde.message':
             case 'horde.success':
             case 'horde.warning':
-                this.Growler.growl(m.message, {
+                this.Growler.growl(m.message.escapeHTML(), {
                     className: m.type.replace('.', '-'),
                     life: (m.type == 'horde.error' ? 12 : 8),
                     log: 1
@@ -252,7 +252,7 @@ var DimpCore = {
             case 'imp.reply':
             case 'imp.forward':
             case 'imp.redirect':
-                this.Growler.growl(m.message, {
+                this.Growler.growl(m.message.escapeHTML(), {
                     className: m.type.replace('.', '-'),
                     life: 8
                 });
diff --git a/imp/lib/Views/ListMessages.php b/imp/lib/Views/ListMessages.php
index 7b3e2bf..9787c94 100644 (file)
--- a/imp/lib/Views/ListMessages.php
+++ b/imp/lib/Views/ListMessages.php
@@ -456,7 +456,7 @@ class IMP_Views_ListMessages
         $ob = new stdClass;
         $ob->cacheid = 0;
         $ob->data = array();
-        $ob->label = IMP::getLabel($mbox);
+        $ob->label = htmlspecialchars(IMP::getLabel($mbox));
         $ob->metadata = new stdClass;
         $ob->rowlist = array();
         $ob->totalrows = 0;
Unnamed repository; edit this file to name it for gitweb.