
Minz: missing URL key/param encoding

Caused searches such as "intitle:&" to fail after paging, and opened up
possible XSS vulnerabilities.
Discovered during https://github.com/FreshRSS/FreshRSS/issues/754
Alexandre Alapetite před 11 roky
rodič
revize
211569ef85
3 změnil soubory, kde provedl 19 přidání a 21 odebrání
  1. 1 2
      app/layout/header.phtml
  2. 1 2
      app/layout/nav_menu.phtml
  3. 17 17
      lib/Minz/Url.php

+ 1 - 2
app/layout/header.phtml

@@ -25,8 +25,7 @@ if (FreshRSS_Auth::accessNeedsAction()) {
 		<?php if (FreshRSS_Auth::hasAccess() || FreshRSS_Context::$system_conf->allow_anonymous) { ?>
 		<form action="<?php echo _url('index', 'index'); ?>" method="get">
 			<div class="stick">
-				<?php $search = Minz_Request::param('search', ''); ?>
-				<input type="search" name="search" id="search" class="extend" value="<?php echo $search; ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" />
+				<input type="search" name="search" id="search" class="extend" value="<?php echo FreshRSS_Context::$search; ?>" placeholder="<?php echo _t('gen.menu.search'); ?>" />
 
 				<?php $get = Minz_Request::param('get', ''); ?>
 				<?php if ($get != '') { ?>
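Review bot: The new `value="<?php echo FreshRSS_Context::$search; ?>"` still writes the search term into an HTML attribute with no escaping, so unless `FreshRSS_Context::$search` is already HTML-escaped where it is assigned (not visible in this hunk), the XSS the commit message mentions is moved rather than closed. Escape at the sink regardless of how the property is populated: `value="<?php echo htmlspecialchars(FreshRSS_Context::$search, ENT_QUOTES, 'UTF-8'); ?>"`. The `urlencode()` change in `Minz_Url` protects generated links, which is a different output context from this attribute. The enclosing form and `if` block start before and end after the hunk.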

+ 1 - 2
app/layout/nav_menu.phtml

@@ -156,8 +156,7 @@
 
 	<div class="item search">
 		<form action="<?php echo _url('index', 'index'); ?>" method="get">
-			<?php $search = Minz_Request::param('search', ''); ?>
-			<input type="search" name="search" class="extend" value="<?php echo $search; ?>" placeholder="<?php echo _t('index.menu.search_short'); ?>" />
+			<input type="search" name="search" class="extend" value="<?php echo FreshRSS_Context::$search; ?>" placeholder="<?php echo _t('index.menu.search_short'); ?>" />
 
 			<?php $get = Minz_Request::param('get', ''); ?>
 			<?php if($get != '') { ?>
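Review bot: Same sink as in header.phtml: `FreshRSS_Context::$search` is echoed unescaped into the `value` attribute, and this hunk gives no evidence the property was escaped upstream, so a search term containing `"` or `<` can still break out of the attribute. Prefer `value="<?php echo htmlspecialchars(FreshRSS_Context::$search, ENT_QUOTES, 'UTF-8'); ?>"` so the template is safe independently of how the context is filled. The form element and its parent `div` continue outside the hunk.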

+ 17 - 17
lib/Minz/Url.php

@@ -45,45 +45,45 @@ class Minz_Url {
 
 		return $url_string;
 	}
-	
+
 	/**
 	 * Construit l'URI d'une URL
 	 * @param l'url sous forme de tableau
 	 * @param $encodage pour indiquer comment encoder les & (& ou &amp; pour html)
 	 * @return l'uri sous la forme ?key=value&key2=value2
 	 */
-	private static function printUri ($url, $encodage) {
+	private static function printUri($url, $encodage) {
 		$uri = '';
 		$separator = '?';
-		
-		if($encodage == 'html') {
+
+		if ($encodage === 'html') {
 			$and = '&amp;';
 		} else {
 			$and = '&';
 		}
-		
-		if (isset ($url['c'])
-		 && $url['c'] != Minz_Request::defaultControllerName ()) {
+
+		if (isset($url['c'])
+		 && $url['c'] != Minz_Request::defaultControllerName()) {
 			$uri .= $separator . 'c=' . $url['c'];
 			$separator = $and;
 		}
-		
-		if (isset ($url['a'])
-		 && $url['a'] != Minz_Request::defaultActionName ()) {
+
+		if (isset($url['a'])
+		 && $url['a'] != Minz_Request::defaultActionName()) {
 			$uri .= $separator . 'a=' . $url['a'];
 			$separator = $and;
 		}
-		
-		if (isset ($url['params'])) {
+
+		if (isset($url['params'])) {
 			foreach ($url['params'] as $key => $param) {
-				$uri .= $separator . $key . '=' . $param;
+				$uri .= $separator . urlencode($key) . '=' . urlencode($param);
 				$separator = $and;
 			}
 		}
-		
+
 		return $uri;
 	}
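Review bot: Only `params` are percent-encoded; the lines building `'c=' . $url['c']` and `'a=' . $url['a']` still concatenate the controller and action names raw, so a value containing `&`, `=` or `"` would corrupt the URI exactly as the unencoded params did. For consistency use `$uri .= $separator . 'c=' . urlencode($url['c']);` and `$uri .= $separator . 'a=' . urlencode($url['a']);` — if those names only ever come from code constants it costs nothing, and it removes a reliance on callers. Note also that `urlencode()` expects a string, so an array-valued param (PHP `foo[]=` style) would emit a warning and serialise as `Array`; if nested params are possible, `http_build_query($url['params'], '', $and)` handles both the encoding and arrays in one call. `printUri()` is fully contained in this hunk, but the enclosing `Minz_Url` class continues outside it.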
-	
+
 	/**
 	 * Vérifie que les éléments du tableau représentant une url soit ok
 	 * @param l'url sous forme de tableau (sinon renverra directement $url)
@@ -91,7 +91,7 @@ class Minz_Url {
 	 */
 	public static function checkUrl ($url) {
 		$url_checked = $url;
-		
+
 		if (is_array ($url)) {
 			if (!isset ($url['c'])) {
 				$url_checked['c'] = Minz_Request::defaultControllerName ();
@@ -103,7 +103,7 @@ class Minz_Url {
 				$url_checked['params'] = array ();
 			}
 		}
-		
+
 		return $url_checked;
 	}
 }