summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2016-06-17 00:12:43 +0200
committerFlorian Pritz <bluewind@xinu.at>2016-07-04 07:58:15 +0200
commit21b263a88550d1da199a13d215ea1477d603b75a (patch)
tree862efb7ac1bca22c9c9b941ed1eef172ebc232a2 /application
parentaca5b6c6362c415df501f76ef170794e77522242 (diff)
Harden XSS escaping
This could lead to XSS if the html attribute values weren't quoted with double quotes. By default htmlentities only encodes double quotes and not single quotes. If the quotes are ever changed this could lead to exploitable XSS. Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application')
-rw-r--r--application/views/file/fragments/thumbnail.php4
-rw-r--r--application/views/file/upload_history.php2
2 files changed, 3 insertions, 3 deletions
diff --git a/application/views/file/fragments/thumbnail.php b/application/views/file/fragments/thumbnail.php
index 7cbebe7fe..7fad5575f 100644
--- a/application/views/file/fragments/thumbnail.php
+++ b/application/views/file/fragments/thumbnail.php
@@ -12,8 +12,8 @@ if (substr($base_url, -1) !== "/") {
<?php if (strpos($item["mimetype"], "image/") === 0) {?>rel="gallery" class="colorbox"<?php } ?>
data-orientation="<?php echo $item["orientation"]; ?>"
href="<?php echo $base_url.$item["id"]."/"; ?>"
- title="<?php echo htmlentities($item["filename"]); ?>"
- data-content="<?php echo htmlentities($item["tooltip"]); ?>"
+ title="<?php echo htmlentities($item["filename"], ENT_QUOTES); ?>"
+ data-content="<?php echo htmlentities($item["tooltip"], ENT_QUOTES); ?>"
data-id="<?php echo $item["id"]; ?>"><!--
--><img class="thumb lazyload"
data-original="<?php echo $base_url."file/thumbnail/".$item["id"]; ?>"
diff --git a/application/views/file/upload_history.php b/application/views/file/upload_history.php
index 7d46efe3a..060cd25c3 100644
--- a/application/views/file/upload_history.php
+++ b/application/views/file/upload_history.php
@@ -16,7 +16,7 @@
<?php foreach($items as $key => $item): ?>
<tr>
<td><input type="checkbox" name="ids[<?php echo $item["id"] ?>]" value="<?php echo $item["id"] ?>" class="delete-history"></td>
- <td><a href="<?php echo site_url("/".$item["id"]) ?>/" data-content="<?php if (isset($item['preview_text'])) {echo htmlentities($item['preview_text']);} ?>"><?php echo $item["id"] ?></a></td>
+ <td><a href="<?php echo site_url("/".$item["id"]) ?>/" data-content="<?php if (isset($item['preview_text'])) {echo htmlentities($item['preview_text'], ENT_QUOTES);} ?>"><?php echo $item["id"] ?></a></td>
<td class="wrap"><?php echo htmlspecialchars($item["filename"]); ?></td>
<td><?php echo $item["mimetype"] ?></td>
<td class="nowrap" data-sort-value="<?=$item["date"]; ?>"><?php echo date("r", $item["date"]); ?></td>