Merge pull request #529 from sebastian-meyer/fix-xss-issue-2.x

Fix XSS issue for 2.x
kitodo · Jul 16, 2020 · 31a7fe1 · 31a7fe1
2 parents a970bf0 + 95de0db
commit 31a7fe1
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 5 deletions.
diff --git a/plugins/listview/class.tx_dlf_listview.php b/plugins/listview/class.tx_dlf_listview.php
@@ -365,7 +365,7 @@ protected function getSortingForm() {
 
             if ($piVar != 'order' && $piVar != 'DATA' && !empty($value)) {
 
-                $sorting .= '<input type="hidden" name="'.$this->prefixId.'['.$piVar.']" value="'.$value.'" />';
+                $sorting .= '<input type="hidden" name="'.$this->prefixId.'['.$piVar.']" value="'.htmlspecialchars($value).'" />';
 
             }
 
@@ -385,7 +385,7 @@ protected function getSortingForm() {
 
         foreach ($this->sortables as $index_name => $label) {
 
-            $sorting .= '<option value="'.$index_name.'"'.(($this->list->metadata['options']['order'] == $index_name) ? ' selected="selected"' : '').'>'.htmlspecialchars($label).'</option>';
+            $sorting .= '<option value="'.htmlspecialchars($index_name).'"'.(($this->list->metadata['options']['order'] == $index_name) ? ' selected="selected"' : '').'>'.htmlspecialchars($label).'</option>';
 
         }
 

diff --git a/plugins/navigation/class.tx_dlf_navigation.php b/plugins/navigation/class.tx_dlf_navigation.php
@@ -75,7 +75,7 @@ protected function getPageSelector() {
 
             if ($piVar != 'page' && $piVars != 'DATA' && !empty($value)) {
 
-                $output .= '<input type="hidden" name="'.$this->prefixId.'['.$piVar.']" value="'.$value.'" />';
+                $output .= '<input type="hidden" name="'.$this->prefixId.'['.$piVar.']" value="'.htmlspecialchars($value).'" />';
 
             }
 

diff --git a/plugins/pageview/class.tx_dlf_pageview.php b/plugins/pageview/class.tx_dlf_pageview.php
@@ -183,9 +183,9 @@ protected function addBasketForm() {
 
             $output = '<form id="addToBasketForm" action="'.$this->cObj->typoLink_URL($basketConf).'" method="post">';
 
-            $output .= '<input type="hidden" name="tx_dlf[startpage]" id="startpage" value="'.$this->piVars['page'].'">';
+            $output .= '<input type="hidden" name="tx_dlf[startpage]" id="startpage" value="'.htmlspecialchars($this->piVars['page']).'">';
 
-            $output .= '<input type="hidden" name="tx_dlf[endpage]" id="endpage" value="'.$this->piVars['page'].'">';
+            $output .= '<input type="hidden" name="tx_dlf[endpage]" id="endpage" value="'.htmlspecialchars($this->piVars['page']).'">';
 
             $output .= '<input type="hidden" name="tx_dlf[startX]" id="startX">';
-Original file line number
+Diff line change
@@ Expand Up / @@ -75,7 +75,7 @@ protected function getPageSelector() { @@
                 if ($piVar != 'page' && $piVars != 'DATA' && !empty($value)) {
-                    $output .= '<input type="hidden" name="'.$this->prefixId.'['.$piVar.']" value="'.$value.'" />';
+                    $output .= '<input type="hidden" name="'.$this->prefixId.'['.$piVar.']" value="'.htmlspecialchars($value).'" />';
                 }
@@ Expand Down @@