author | Dylan Hardison <dylan@mozilla.com> | 2016-02-29 14:23:34 +0100 |
---|---|---|
committer | Dylan Hardison <dylan@mozilla.com> | 2016-02-29 14:31:44 +0100 |
commit | e9b54b1353f5f51c6300d6552c880de0d26863f3 (patch) | |
tree | a6919972cc5962128a83e9b4b1ae4c44f01a73dd | |
parent | be2d5f9288337f46255b8543e65694ad8a1afe4c (diff) | |
Bug 1251647 - XSS vulnerability in the remo-form-payment page
-rw-r--r-- | extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl | 111 | ||||
-rw-r--r-- | extensions/REMO/web/js/payment.js | 85 |
2 files changed, 89 insertions, 107 deletions
diff --git a/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl b/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl
index 3994e13fd..a37df1f89 100644
--- a/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl
+++ b/extensions/REMO/template/en/default/pages/remo-form-payment.html.tmpl
@@ -25,114 +25,13 @@ generate_api_token = 1 style_urls = [ 'extensions/REMO/web/styles/moz_reps.css' ] javascript_urls = [ 'extensions/REMO/web/js/form_validate.js', + 'extensions/REMO/web/js/payment.js', 'js/util.js', 'js/field.js' ] yui = ['connection', 'json'] %] -<script language="javascript" type="text/javascript"> - -var bug_cache = {}; - -function validateAndSubmit() { - var alert_text = ''; - if(!isFilledOut('firstname')) alert_text += "Please enter your first name\n"; - if(!isFilledOut('lastname')) alert_text += "Please enter your last name\n"; - if(!isFilledOut('wikiprofile')) alert_text += "Please enter a wiki user profile.\n"; - if(!isFilledOut('wikipage')) alert_text += "Please enter a wiki page address.\n"; - if(!isFilledOut('bug_id')) alert_text += "Please enter a valid [% terms.bug %] id to attach this additional information to.\n"; - if(!isFilledOut('expenseform')) alert_text += "Please enter an expense form to upload.\n"; - if(!isFilledOut('receipts')) alert_text += "Please enter a receipts file to upload.\n"; - - if (alert_text) { - alert(alert_text); - return false; - } - - return true; -} - -function togglePaymentInfo (e) { - var div = document.getElementById('paymentinfo'); - if (e.checked == false) { - div.style.display = 'block'; - } - else { - div.style.display = 'none'; - } -} - -function getBugInfo (e, div) { - var bug_id = e.value; - div = document.getElementById(div); - - if (!bug_id) { - div.innerHTML = ""; - return true; - } - - div.style.display = 'block'; - - if (bug_cache[bug_id]) { - div.innerHTML = bug_cache[bug_id]; - e.disabled = false; - return true; - } - - e.disabled = true; - div.innerHTML = 'Getting [% terms.bug %] info...'; - - YAHOO.util.Connect.setDefaultPostHeader('application/json', true); - YAHOO.util.Connect.asyncRequest( - 'POST', - 'jsonrpc.cgi', - { - success: function(res) { - var bug_message = ""; - data = YAHOO.lang.JSON.parse(res.responseText); - if (data.error) { - bug_message = "Get [% terms.bug %] failed: 
" + data.error.message; - } - else if (data.result) { - if (data.result.bugs[0].product !== 'Mozilla Reps' - || data.result.bugs[0].component !== 'Budget Requests') - { - bug_message = "You can only attach budget payment " + - "information to [% terms.bugs %] under the product " + - "'Mozilla Reps' and component 'Budget Requests'."; - } - else { - bug_message = "[% terms.Bug %] " + bug_id + " - " + data.result.bugs[0].status + - " - " + data.result.bugs[0].summary; - } - } - else { - bug_message = "Get [% terms.bug %] failed: " + res.responseText; - } - div.innerHTML = bug_message; - bug_cache[bug_id] = bug_message; - e.disabled = false; - }, - failure: function(res) { - if (res.responseText) { - div.innerHTML = "Get [% terms.bug %] failed: " + res.responseText; - } - } - }, - YAHOO.lang.JSON.stringify({ - version: "1.1", - method: "Bug.get", - id: bug_id, - params: { - ids: [ bug_id ], - include_fields: [ 'product', 'component', 'status', 'summary' ], - Bugzilla_api_token : (BUGZILLA.api_token ? BUGZILLA.api_token : '') - } - }) - ); -} - -</script> +<script language="javascript" type="text/javascript"></script> <h1>Mozilla Reps - Payment Form</h1> @@ -175,8 +74,7 @@ function getBugInfo (e, div) { <tr class="odd"> <td><strong>Budget request [% terms.bug %]: <span style="color: red;">*</span></strong></td> <td> - <input type="text" name="bug_id" id="bug_id" value="" size="40" - onblur="getBugInfo(this,'bug_info');")> + <input type="text" name="bug_id" id="bug_id" value="" size="40"> </td> </tr> 
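Review bot: The replacement line `+<script language="javascript" type="text/javascript"></script>` leaves an empty inline script element in the template now that all of the code lives in `payment.js`, which the same hunk adds to `javascript_urls`; the element can be dropped entirely. If it is kept for some reason, `language="javascript"` is a long-deprecated attribute and `type="text/javascript"` is the default, so a bare `<script></script>` is all that is needed. The XSS fix itself depends on the external script never assigning bug fields through `innerHTML`, which the removed inline `getBugInfo` did with `data.result.bugs[0].summary` and `data.error.message`; the new `payment.js` uses jQuery `.text()` for those, so that contract should be noted in the template with a comment such as `[%# bug_info is filled by payment.js via .text(); never switch it back to innerHTML %]`.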
@@ -189,8 +87,7 @@ function getBugInfo (e, div) {
 <tr class="even">
 <td colspan="2">
 <strong>Have you already received payment for this event?</strong>
- <input type="checkbox" name="receivedpayment" id="receivedpayment" value="1"
- onchange="togglePaymentInfo(this);" checked="true">
+ <input type="checkbox" name="receivedpayment" id="receivedpayment" value="1" checked="true">
 <div id="paymentinfo" style="display:none;">
 Please send an email to William at mozilla.com with all the information below:<br>
 <br>
diff --git a/extensions/REMO/web/js/payment.js b/extensions/REMO/web/js/payment.js
new file mode 100644
index 000000000..a03e611fb
--- /dev/null
+++ b/extensions/REMO/web/js/payment.js
@@ -0,0 +1,85 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * This Source Code Form is "Incompatible With Secondary Licenses", as
+ * defined by the Mozilla Public License, v. 2.0. */
+
+var bug_cache = {};
+
+function validateAndSubmit() {
+ var alert_text = '';
+ if(!isFilledOut('firstname')) alert_text += "Please enter your first name\n";
+ if(!isFilledOut('lastname')) alert_text += "Please enter your last name\n";
+ if(!isFilledOut('wikiprofile')) alert_text += "Please enter a wiki user profile.\n";
+ if(!isFilledOut('wikipage')) alert_text += "Please enter a wiki page address.\n";
+ if(!isFilledOut('bug_id')) alert_text += "Please enter a valid bug id to attach this additional information to.\n";
+ if(!isFilledOut('expenseform')) alert_text += "Please enter an expense form to upload.\n";
+ if(!isFilledOut('receipts')) alert_text += "Please enter a receipts file to upload.\n";
+
+ if (alert_text) {
+ alert(alert_text);
+ return false;
+ }
+
+ return true;
+}
+
+function getBugInfo (evt) {
+ var bug_id = parseInt(this.value);
+ var div = $("#bug_info");
+
+ if (!bug_id) {
+ div.text("");
+ return true;
+ }
+ div.show();
+
+ if (bug_cache[bug_id]) {
+ div.text(bug_cache[bug_id]);
+ return true;
+ }
+
+ div.text('Getting bug info...');
+
+ var url = ("rest/bug/" + bug_id +
+ "?include_fields=product,component,status,summary&Bugzilla_api_token=" + BUGZILLA.api_token);
+ $.getJSON(url).done(function(data) {
+ var bug_message = "";
+ if (data) {
+ if (data.bugs[0].product !== 'Mozilla Reps'
+ || data.bugs[0].component !== 'Budget Requests')
+ {
+ bug_message = "You can only attach budget payment " +
+ "information to bugs under the product " +
+ "'Mozilla Reps' and component 'Budget Requests'.";
+ }
+ else {
+ bug_message = "Bug " + bug_id + " - " + data.bugs[0].status +
+ " - " + data.bugs[0].summary;
+ }
+ }
+ else {
+ bug_message = "Get bug failed: " + data.responseText;
+ }
+ div.text(bug_message);
+ bug_cache[bug_id] = bug_message;
+ }).fail(function(res, x, y) {
+ if (res.responseJSON && res.responseJSON.error) {
+ div.text(res.responseJSON.message);
+ }
+ });
+ return true;
+}
+
+$(document).ready(function () {
+ $("#bug_id").blur(getBugInfo);
+ $("#receivedpayment").change(function() {
+ if (!$('#receivedpayment').is(':checked')) {
+ $('#paymentinfo').show();
+ }
+ else {
+ $('#paymentinfo').hide();
+ }
+ });
+}); |
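Review bot: The `else` branch of the `.done` handler in `getBugInfo` runs only when `data` is falsy and then reads `data.responseText`, so it throws a TypeError instead of showing an error; `data` is the parsed JSON body from `$.getJSON`, not an XHR, so `responseText` is never there anyway. In the `.fail` handler a response without `responseJSON.error` (network failure, non-JSON 5xx) is silently ignored and the "Getting bug info..." placeholder stays on screen. The token is also appended to the URL unencoded and without the old `BUGZILLA.api_token ? ... : ''` guard, so a missing token yields the literal string `undefined` in the query; moving it from the old POST body into a GET query string presumably also makes it more likely to land in access logs and referrers, which is worth a comment. `parseInt(this.value)` should pass the radix, `parseInt(this.value, 10)`. The rewritten handler lines follow.
```javascript
  var url = ("rest/bug/" + bug_id +
    "?include_fields=product,component,status,summary&Bugzilla_api_token=" +
    encodeURIComponent(BUGZILLA.api_token || ''));
  $.getJSON(url).done(function(data) {
    var bug_message = "";
    if (data && data.bugs && data.bugs.length) {
      // … unchanged: product/component check and message construction …
    }
    else {
      // `data` is the parsed JSON body, not an XHR, so it has no responseText
      bug_message = "Get bug failed: unexpected response";
    }
    div.text(bug_message);
    bug_cache[bug_id] = bug_message;
  }).fail(function(res) {
    var err = res.responseJSON;
    div.text("Get bug failed: " + ((err && err.message) || res.statusText || "request failed"));
  });
```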