From b2101823682f3738f5b367d2c1f2a7c6d47cdad1 Mon Sep 17 00:00:00 2001
From: Ivan Kohler
Date: Sun, 11 Nov 2012 22:20:19 -0800
Subject: [PATCH] fix XSS
---
 FS/FS/UI/Web.pm | 5 +++--
 httemplate/browse/part_event.html | 14 +++++++-------
 httemplate/edit/cust_main/first_pkg/svc_acct.html | 8 ++++----
 httemplate/index.html | 2 +-
 httemplate/search/cust_main.cgi | 6 +++---
 httemplate/search/elements/search-html.html | 4 ++--
 6 files changed, 20 insertions(+), 19 deletions(-)
diff --git a/FS/FS/UI/Web.pm b/FS/FS/UI/Web.pm
index 1cc539a9f..c2ea0a61c 100644
--- a/FS/FS/UI/Web.pm
+++ b/FS/FS/UI/Web.pm
@@ -3,7 +3,8 @@ package FS::UI::Web;
 use strict;
 use vars qw($DEBUG @ISA @EXPORT_OK $me);
 use Exporter;
-use Carp qw( confess );;
+use Carp qw( confess );
+use HTML::Entities;
 use FS::Conf;
 use FS::Misc::DateTime qw( parse_datetime );
 use FS::Record qw(dbdef);
@@ -383,7 +384,7 @@ sub cust_fields {
 map {
 if ( $record->custnum ) {
 warn " $record -> $_" if $DEBUG > 1;
- $record->$_(@_);
+ encode_entities( $record->$_(@_) );
 } else {
 warn " ($record unlinked)" if $DEBUG > 1;
 $seen_unlinked++ ? '' : '(unlinked)';
diff --git a/httemplate/browse/part_event.html b/httemplate/browse/part_event.html
index c06a14fe7..62e7ff0d9 100644
--- a/httemplate/browse/part_event.html
+++ b/httemplate/browse/part_event.html
@@ -47,7 +47,7 @@ my $event_sub = sub {
 my $onclick = include('/elements/popup_link_onclick.html',
 action => $p.'view/part_event-targets.html?eventpart='.
 $part_event->eventpart,
- actionlabel => 'Event query - '.$part_event->event,
+ actionlabel => 'Event query', #no, XSS - '.$part_event->event,
 width => 650,
 height => 420,
 close_text => 'Close',
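Review bot: The new `use HTML::Entities;` imports the module's whole default export list, while the neighbouring lines in the same hunk (`use Carp qw( confess );`, `use FS::Misc::DateTime qw( parse_datetime );`) name exactly what they import. `use HTML::Entities qw( encode_entities );` keeps the file's convention and makes the one function cust_fields now depends on visible at the top of the module.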
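Review bot: Wrapping each field value in `encode_entities( $record->$_(@_) )` changes what cust_fields returns from raw record data to HTML-escaped text, and nothing in the hunk records that new contract. A caller that already escapes at output time (the `|h` Mason filter this same commit adds in index.html and cust_main.cgi) would now emit double-encoded text such as `&amp;amp;`, so the callers of cust_fields should be checked for a second escape. The sub's documentation should say it, e.g. `# returns HTML-escaped values (encode_entities); callers must not escape again`. cust_fields begins before this hunk and its body continues after it.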
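Review bot: The replacement `actionlabel => 'Event query', #no, XSS - '.$part_event->event,` leaves the removed expression behind as commented-out code, which a reader has to parse to learn why the event name was dropped. A why-comment is clearer, e.g. `# event name omitted: actionlabel reached the page unescaped (XSS)`; if the name is wanted back in the label it has to be escaped for whatever context popup_link_onclick.html places it in, which is outside this hunk. The enclosing `$event_sub` closure starts before the hunk and continues after it.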
@@ -55,14 +55,14 @@ my $event_sub = sub {
 [#rows
 [#subcolumns
 {
- 'data' => $part_event->event,
- 'link' => $p.'edit/part_event.html?'.$part_event->eventpart,
+ 'data' => encode_entities($part_event->event),
+ 'link' => $p.'edit/part_event.html?'.$part_event->eventpart,
 },
 {
- 'data' => ' (query) ',
- 'size' => '-1',
- 'data_style' => 'b',
- 'onclick' => $onclick,
+ 'data' => ' (query) ',
+ 'size' => '-1',
+ 'data_style' => 'b',
+ 'onclick' => $onclick,
 },
 ],
 ];
diff --git a/httemplate/edit/cust_main/first_pkg/svc_acct.html b/httemplate/edit/cust_main/first_pkg/svc_acct.html
index b1ccc137c..717bf5025 100644
--- a/httemplate/edit/cust_main/first_pkg/svc_acct.html
+++ b/httemplate/edit/cust_main/first_pkg/svc_acct.html
@@ -5,7 +5,7 @@ MAXLENGTH = <% $ulen %> >
@@ -26,7 +26,7 @@ MAXLENGTH = <% $passwordmax %>> % unless ( $opt{'password_verify'} ) {
@@ -41,7 +41,7 @@ MAXLENGTH = <% $passwordmax %>>
@@ -51,7 +51,7 @@ % if ( $conf->exists('security_phrase') ) { <% mt('Security Phrase') |h %> - + % } else {
diff --git a/httemplate/index.html b/httemplate/index.html
index 71926aa4e..bc51e6a52 100644
--- a/httemplate/index.html
+++ b/httemplate/index.html
@@ -46,7 +46,7 @@ % next unless $cust_main; - <% $cust_main->display_custnum %>: <% $cust_main->name %> + <% $cust_main->display_custnum %>: <% $cust_main->name |h %> % if ( $bgcolor eq $bgcolor1 ) {
diff --git a/httemplate/search/cust_main.cgi b/httemplate/search/cust_main.cgi
index 7c3ad3384..8e3c8133e 100755
--- a/httemplate/search/cust_main.cgi
+++ b/httemplate/search/cust_main.cgi
@@ -54,7 +54,7 @@ % my $refcustlabel = "$referral_custnum: " . % ( $cust_main->company || $cust_main->last. ', '. $cust_main->first ); referrals of - "><% $refcustlabel %> + "><% $refcustlabel |h %>
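Review bot: `'data' => encode_entities($part_event->event)` calls encode_entities in this Mason component with no visible import of HTML::Entities; the commit adds `use HTML::Entities;` only to FS/FS/UI/Web.pm, so this line presumably relies on the Mason handler already exporting the function into every component. If it does not, the page dies at runtime instead of rendering the escaped value, which is worth confirming before merge. The `|h` output filter used elsewhere in this commit cannot be applied here because the value is placed in a data structure rather than printed directly. The enclosing `$event_sub` closure begins before this hunk.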
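Review bot: Only `$cust_main->name` receives the `|h` filter on the new line; `$cust_main->display_custnum` on the same line is still written out raw. If display_custnum can carry anything other than digits (an agent-assigned customer id, for instance), it needs the same treatment: `<% $cust_main->display_custnum |h %>: <% $cust_main->name |h %>`. I cannot tell from this hunk what display_custnum returns, so that should be confirmed; the hunk's surrounding markup also appears truncated in this rendering.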