authorDylan Hardison <dylan@mozilla.com>2016-02-29 14:23:34 +0100
committerDylan Hardison <dylan@mozilla.com>2016-02-29 14:31:44 +0100
commite9b54b1353f5f51c6300d6552c880de0d26863f3 (patch)
treea6919972cc5962128a83e9b4b1ae4c44f01a73dd
parentbe2d5f9288337f46255b8543e65694ad8a1afe4c (diff)
Bug 1251647 - XSS vulnerability in the remo-form-payment page
-rw-r--r--extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl111
-rw-r--r--extensions/REMO/web/js/payment.js85
2 files changed, 89 insertions, 107 deletions
diff --git a/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl b/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl
index 3994e13fd..a37df1f89 100644
--- a/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl
+++ b/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl
@@ -25,114 +25,13 @@
generate_api_token = 1
style_urls = [ 'extensions/REMO/web/styles/moz_reps.css' ]
javascript_urls = [ 'extensions/REMO/web/js/form_validate.js',
+ 'extensions/REMO/web/js/payment.js',
'js/util.js',
'js/field.js' ]
yui = ['connection', 'json']
%]
-<script language="javascript" type="text/javascript">
-
-var bug_cache = {};
-
-function validateAndSubmit() {
- var alert_text = '';
- if(!isFilledOut('firstname')) alert_text += "Please enter your first name\n";
- if(!isFilledOut('lastname')) alert_text += "Please enter your last name\n";
- if(!isFilledOut('wikiprofile')) alert_text += "Please enter a wiki user profile.\n";
- if(!isFilledOut('wikipage')) alert_text += "Please enter a wiki page address.\n";
- if(!isFilledOut('bug_id')) alert_text += "Please enter a valid [% terms.bug %] id to attach this additional information to.\n";
- if(!isFilledOut('expenseform')) alert_text += "Please enter an expense form to upload.\n";
- if(!isFilledOut('receipts')) alert_text += "Please enter a receipts file to upload.\n";
-
- if (alert_text) {
- alert(alert_text);
- return false;
- }
-
- return true;
-}
-
-function togglePaymentInfo (e) {
- var div = document.getElementById('paymentinfo');
- if (e.checked == false) {
- div.style.display = 'block';
- }
- else {
- div.style.display = 'none';
- }
-}
-
-function getBugInfo (e, div) {
- var bug_id = e.value;
- div = document.getElementById(div);
-
- if (!bug_id) {
- div.innerHTML = "";
- return true;
- }
-
- div.style.display = 'block';
-
- if (bug_cache[bug_id]) {
- div.innerHTML = bug_cache[bug_id];
- e.disabled = false;
- return true;
- }
-
- e.disabled = true;
- div.innerHTML = 'Getting [% terms.bug %] info...';
-
- YAHOO.util.Connect.setDefaultPostHeader('application/json', true);
- YAHOO.util.Connect.asyncRequest(
- 'POST',
- 'jsonrpc.cgi',
- {
- success: function(res) {
- var bug_message = "";
- data = YAHOO.lang.JSON.parse(res.responseText);
- if (data.error) {
- bug_message = "Get [% terms.bug %] failed: " + data.error.message;
- }
- else if (data.result) {
- if (data.result.bugs[0].product !== 'Mozilla Reps'
- || data.result.bugs[0].component !== 'Budget Requests')
- {
- bug_message = "You can only attach budget payment " +
- "information to [% terms.bugs %] under the product " +
- "'Mozilla Reps' and component 'Budget Requests'.";
- }
- else {
- bug_message = "[% terms.Bug %] " + bug_id + " - " + data.result.bugs[0].status +
- " - " + data.result.bugs[0].summary;
- }
- }
- else {
- bug_message = "Get [% terms.bug %] failed: " + res.responseText;
- }
- div.innerHTML = bug_message;
- bug_cache[bug_id] = bug_message;
- e.disabled = false;
- },
- failure: function(res) {
- if (res.responseText) {
- div.innerHTML = "Get [% terms.bug %] failed: " + res.responseText;
- }
- }
- },
- YAHOO.lang.JSON.stringify({
- version: "1.1",
- method: "Bug.get",
- id: bug_id,
- params: {
- ids: [ bug_id ],
- include_fields: [ 'product', 'component', 'status', 'summary' ],
- Bugzilla_api_token : (BUGZILLA.api_token ? BUGZILLA.api_token : '')
- }
- })
- );
-}
-
-</script>
+<script language="javascript" type="text/javascript"></script>
<h1>Mozilla Reps - Payment Form</h1>
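Review bot: The empty `<script language="javascript" type="text/javascript"></script>` left at the end of the hunk is dead markup now that the logic lives in payment.js and should be removed rather than kept as a placeholder. The `yui = ['connection', 'json']` declaration is also retained although the new payment.js uses jQuery (`$.getJSON`) instead of YAHOO.util.Connect and YAHOO.lang.JSON; if nothing else on the page needs YUI, drop it in the same change. payment.js depends on `isFilledOut` from form_validate.js and on `$` being defined before it runs; the javascript_urls order covers the former, but jQuery's inclusion is not visible in this hunk and should be confirmed.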
@@ -175,8 +74,7 @@ function getBugInfo (e, div) {
<tr class="odd">
<td><strong>Budget request [% terms.bug %]: <span style="color: red;">*</span></strong></td>
<td>
- <input type="text" name="bug_id" id="bug_id" value="" size="40"
- onblur="getBugInfo(this,'bug_info');")>
+ <input type="text" name="bug_id" id="bug_id" value="" size="40">
</td>
</tr>
@@ -189,8 +87,7 @@ function getBugInfo (e, div) {
<tr class="even">
<td colspan="2">
<strong>Have you already received payment for this event?</strong>
- <input type="checkbox" name="receivedpayment" id="receivedpayment" value="1"
- onchange="togglePaymentInfo(this);" checked="true">
+ <input type="checkbox" name="receivedpayment" id="receivedpayment" value="1" checked="true">
<div id="paymentinfo" style="display:none;">
Please send an email to William at mozilla.com with all the information below:<br>
<br>
diff --git a/extensions/REMO/web/js/payment.js b/extensions/REMO/web/js/payment.js
new file mode 100644
index 000000000..a03e611fb
--- /dev/null
+++ b/extensions/REMO/web/js/payment.js
@@ -0,0 +1,85 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This Source Code Form is "Incompatible With Secondary Licenses", as
+ * defined by the Mozilla Public License, v. 2.0. */
+
+var bug_cache = {};
+
+function validateAndSubmit() {
+ var alert_text = '';
+ if(!isFilledOut('firstname')) alert_text += "Please enter your first name\n";
+ if(!isFilledOut('lastname')) alert_text += "Please enter your last name\n";
+ if(!isFilledOut('wikiprofile')) alert_text += "Please enter a wiki user profile.\n";
+ if(!isFilledOut('wikipage')) alert_text += "Please enter a wiki page address.\n";
+ if(!isFilledOut('bug_id')) alert_text += "Please enter a valid bug id to attach this additional information to.\n";
+ if(!isFilledOut('expenseform')) alert_text += "Please enter an expense form to upload.\n";
+ if(!isFilledOut('receipts')) alert_text += "Please enter a receipts file to upload.\n";
+
+ if (alert_text) {
+ alert(alert_text);
+ return false;
+ }
+
+ return true;
+}
+
+function getBugInfo (evt) {
+ var bug_id = parseInt(this.value);
+ var div = $("#bug_info");
+
+ if (!bug_id) {
+ div.text("");
+ return true;
+ }
+ div.show();
+
+ if (bug_cache[bug_id]) {
+ div.text(bug_cache[bug_id]);
+ return true;
+ }
+
+ div.text('Getting bug info...');
+
+ var url = ("rest/bug/" + bug_id +
+ "?include_fields=product,component,status,summary&Bugzilla_api_token=" + BUGZILLA.api_token);
+ $.getJSON(url).done(function(data) {
+ var bug_message = "";
+ if (data) {
+ if (data.bugs[0].product !== 'Mozilla Reps'
+ || data.bugs[0].component !== 'Budget Requests')
+ {
+ bug_message = "You can only attach budget payment " +
+ "information to bugs under the product " +
+ "'Mozilla Reps' and component 'Budget Requests'.";
+ }
+ else {
+ bug_message = "Bug " + bug_id + " - " + data.bugs[0].status +
+ " - " + data.bugs[0].summary;
+ }
+ }
+ else {
+ bug_message = "Get bug failed: " + data.responseText;
+ }
+ div.text(bug_message);
+ bug_cache[bug_id] = bug_message;
+ }).fail(function(res, x, y) {
+ if (res.responseJSON && res.responseJSON.error) {
+ div.text(res.responseJSON.message);
+ }
+ });
+ return true;
+}
+
+$(document).ready(function () {
+ $("#bug_id").blur(getBugInfo);
+ $("#receivedpayment").change(function() {
+ if (!$('#receivedpayment').is(':checked')) {
+ $('#paymentinfo').show();
+ }
+ else {
+ $('#paymentinfo').hide();
+ }
+ });
+});
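Review bot: The request URL on the `var url = ("rest/bug/" + bug_id + ...` lines is built by string concatenation with `BUGZILLA.api_token` appended unencoded and without the `|| ''` fallback the removed JSON-RPC code had, so an unset token sends the literal text "undefined" and any unexpected characters break the query; passing the parameters as a data object to `$.getJSON` lets jQuery encode them. Note also that the token now travels in the GET query string (previously in the POST body), where it can end up in server or proxy logs; Bugzilla's REST API accepts the token in a request header on versions that document it, which would be the safer transport. `parseInt(this.value)` has no radix and should be `parseInt(this.value, 10)`, and the `else` branch that reads `data.responseText` is only reached when `data` is falsy, so it would throw instead of reporting. The `.fail` handler leaves the div showing "Getting bug info..." indefinitely when the response carries no `responseJSON.error`; it should always replace the placeholder text.
```javascript
function getBugInfo (evt) {
    var bug_id = parseInt(this.value, 10);
    // … unchanged: #bug_info lookup, empty-input and cache early returns, placeholder text …
    // Let jQuery encode the query string instead of concatenating the token by hand.
    $.getJSON("rest/bug/" + bug_id, {
        include_fields: "product,component,status,summary",
        Bugzilla_api_token: BUGZILLA.api_token || ""
    }).done(function(data) {
        var bug_message = "";
        if (data && data.bugs && data.bugs.length) {
            // … unchanged: product/component check and "Bug N - status - summary" message …
        }
        else {
            bug_message = "Get bug failed: unexpected response";
        }
        div.text(bug_message);
        bug_cache[bug_id] = bug_message;
    }).fail(function(res) {
        // Always clear the "Getting bug info..." placeholder, even without a JSON error body.
        var msg = (res.responseJSON && res.responseJSON.message) || "Get bug failed.";
        div.text(msg);
    });
    return true;
}
```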