[Fusionforge-commits] r7745 - in branches/Branch_4_5/gforge/www/docman: . include

Roland Mas lolando at libremir.placard.fr.eu.org
Sun Jun 7 14:48:50 CEST 2009


Author: lolando
Date: 2009-06-07 14:48:50 +0200 (Sun, 07 Jun 2009)
New Revision: 7745

Modified:
   branches/Branch_4_5/gforge/www/docman/include/doc_utils.php
   branches/Branch_4_5/gforge/www/docman/index.php
Log:
Backported from 4.8: fixed the Document Manager to allow filenames containing quotes (possible cross-site scripting vulnerability)

Modified: branches/Branch_4_5/gforge/www/docman/include/doc_utils.php
===================================================================
--- branches/Branch_4_5/gforge/www/docman/include/doc_utils.php	2009-06-07 12:35:28 UTC (rev 7744)
+++ branches/Branch_4_5/gforge/www/docman/include/doc_utils.php	2009-06-07 12:48:50 UTC (rev 7745)
@@ -204,14 +204,14 @@
 					if ($from_admin) {
 						$link = "index.php?editdoc=1&docid=".$docs[$j]->getID()."&group_id=".$docs[$j]->Group->getID();
 					} else {
-						$link = (( $docs[$j]->isURL() ) ? $docs[$j]->getFileName() : "view.php/".$docs[$j]->Group->getID()."/".$docs[$j]->getID()."/".$docs[$j]->getFileName() );
+						$link = (( $docs[$j]->isURL() ) ? $docs[$j]->getFileName() : "view.php/".$docs[$j]->Group->getID()."/".$docs[$j]->getID()."/".urlencode($docs[$j]->getFileName()));
 					}
 				
 					echo "<li>".
 							html_image('ic/docman16b.png',"20","20",array("border"=>"0")).
 							" ".
 							"<a href=\"".$link."\">".
-							$docs[$j]->getName().
+						addslashes($docs[$j]->getName())
 							"</a>";
 				}
 				echo "</ul>";

Modified: branches/Branch_4_5/gforge/www/docman/index.php
===================================================================
--- branches/Branch_4_5/gforge/www/docman/index.php	2009-06-07 12:35:28 UTC (rev 7744)
+++ branches/Branch_4_5/gforge/www/docman/index.php	2009-06-07 12:48:50 UTC (rev 7745)
@@ -114,8 +114,8 @@
 			print "\n\n<li><strong>". $d_arr[$i]->getDocGroupName() ."</strong></li><li style=\"list-style: none\"><ul>";
 			$last_group=$d_arr[$i]->getDocGroupID();
 		}
-		print "\n<li><a href=\"".(( $d_arr[$i]->isURL() ) ? $d_arr[$i]->getFileName() : "view.php/$group_id/".$d_arr[$i]->getID()."/".$d_arr[$i]->getFileName() )."\">".
-			$d_arr[$i]->getName()." [ ".$d_arr[$i]->getFileName()." ]</a>".
+		print "\n<li><a href=\"".(( $d_arr[$i]->isURL() ) ? $d_arr[$i]->getFileName() : "view.php/$group_id/".$d_arr[$i]->getID()."/".urlencode($d_arr[$i]->getFileName()) )."\">".
+			addslashes($d_arr[$i]->getName())." [ ".addslashes($d_arr[$i]->getFileName())." ]</a>".
 			"\n<br /><em>".$Language->getText('docman','description').":</em> ".$d_arr[$i]->getDescription()."</li>\n";
 	}
 	print "\n</ul></li></ul>\n";




More information about the Fusionforge-commits mailing list