Merge pull request #536 from sebastian-meyer/fix-xss-issue
Fix XSS issue
sebastian-meyer authored Jul 29, 2020
2 parents 769f341 + bbdd8f7 commit a91a997
Showing 6 changed files with 10 additions and 9 deletions.
8 changes: 4 additions & 4 deletions Classes/Plugin/Basket.php
Expand Up @@ -166,7 +166,7 @@ public function main($content, $conf)
$mailForm = '<select name="tx_dlf[mail_action]">';
$mailForm .= '<option value="">' . htmlspecialchars($this->pi_getLL('chooseMail', '')) . '</option>';
while ($row = $resultMail->fetch()) {
$mailForm .= '<option value="' . $row['uid'] . '">' . $row['name'] . ' (' . $row['mail'] . ')</option>';
$mailForm .= '<option value="' . $row['uid'] . '">' . htmlspecialchars($row['name']) . ' (' . htmlspecialchars($row['mail']) . ')</option>';
}
$mailForm .= '</select><input type="submit">';
}
Expand Down Expand Up @@ -200,7 +200,7 @@ public function main($content, $conf)
$printForm = '<select name="tx_dlf[print_action]">';
$printForm .= '<option value="">' . htmlspecialchars($this->pi_getLL('choosePrinter', '')) . '</option>';
while ($row = $resultPrinter->fetch()) {
$printForm .= '<option value="' . $row['uid'] . '">' . $row['label'] . '</option>';
$printForm .= '<option value="' . $row['uid'] . '">' . htmlspecialchars($row['label']) . '</option>';
}
$printForm .= '</select><input type="submit" />';
}
Expand Down Expand Up @@ -482,7 +482,7 @@ protected function getDocumentData($id, $data)
$downloadUrl = $this->conf['pdfgenerate'] . $urlParams;
$title = $document->getTitle($id, true);
if (empty($title)) {
$title = htmlspecialchars($this->pi_getLL('noTitle', ''));
$title = $this->pi_getLL('noTitle', '');
}
// Set page and cutout information
$info = '';
Expand All @@ -496,7 +496,7 @@ protected function getDocumentData($id, $data)
} else {
$info .= htmlspecialchars($this->pi_getLL('page', '')) . ' ' . $data['startpage'] . '-' . $data['endpage'];
}
$downloadLink = '<a href="' . $downloadUrl . '" target="_blank">' . $title . '</a> (' . $info . ')';
$downloadLink = '<a href="' . $downloadUrl . '" target="_blank">' . htmlspecialchars($title) . '</a> (' . $info . ')';
if ($data['startpage'] == $data['endpage']) {
$pageNums = 1;
} else {
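Review bot: `$downloadUrl` and `$info` on the new `$downloadLink = '<a href="' . $downloadUrl . '" target="_blank">' . htmlspecialchars($title) . ...` line of the last hunk are still concatenated into the markup raw, while only `$title` gained escaping; `$info` is built from `$data['startpage']` and `$data['endpage']` two lines above without escaping, and `$downloadUrl` carries `$urlParams`, which is assembled above the hunk so its provenance cannot be checked here. If `$data` comes from the user's basket these values reach the page unescaped and the fix is incomplete; `htmlspecialchars($downloadUrl)` in the href and `(int) $data['startpage']` / `(int) $data['endpage']` in the `$info` branches (the `==` comparison on the following line already treats them as numbers) would close that. The same applies to `$row['uid']` in the `value` attributes of the first two hunks, which is presumably an integer DB column, but a `(int)` cast would make that explicit. Note also that the new `htmlspecialchars()` calls use default flags, which on PHP < 8.1 do not escape single quotes; the attributes here are double-quoted so that is acceptable, but passing `ENT_QUOTES` explicitly removes the dependency on the quoting style. Both `main()` and `getDocumentData()` start and end outside the hunks.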
2 changes: 1 addition & 1 deletion Classes/Plugin/ListView.php
Expand Up @@ -268,7 +268,7 @@ protected function getSortingForm()
$sorting = '<form action="' . $this->cObj->typoLink_URL($linkConf) . '" method="get"><div><input type="hidden" name="id" value="' . $GLOBALS['TSFE']->id . '" />';
foreach ($this->piVars as $piVar => $value) {
if ($piVar != 'order' && $piVar != 'DATA' && !empty($value)) {
$sorting .= '<input type="hidden" name="' . $this->prefixId . '[' . $piVar . ']" value="' . htmlspecialchars($value) . '" />';
$sorting .= '<input type="hidden" name="' . $this->prefixId . '[' . preg_replace('/[^A-Za-z0-9_-]/', '', $piVar) . ']" value="' . htmlspecialchars($value) . '" />';
}
}
// Select sort field.
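Review bot: The new line strips offending characters from `$piVar` instead of rejecting the key, so a key such as `order<x>` is silently forwarded as `orderx` rather than dropped, and the `$piVar != 'order'` check on the line above still compares the unfiltered name. Skipping non-matching keys keeps the output identical for legitimate names and makes the intent explicit: `if (preg_match('/^[A-Za-z0-9_-]+$/', (string) $piVar) !== 1) { continue; }` placed before the existing `if` (or folded into its condition), with the original `$piVar` then used in the attribute. The identical change in Classes/Plugin/Navigation.php has the same shape. It also looks like `htmlspecialchars($value)` assumes scalar piVars; if nested arrays can arrive here (`!empty()` does not exclude them), the call would warn or throw depending on the PHP version, so an `is_scalar($value)` guard may be worth adding — not verifiable from the hunk. `getSortingForm()` starts and ends outside the hunk.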
2 changes: 1 addition & 1 deletion Classes/Plugin/Navigation.php
Expand Up @@ -73,7 +73,7 @@ protected function getPageSelector()
// Add plugin variables.
foreach ($this->piVars as $piVar => $value) {
if ($piVar != 'page' && $piVar != 'DATA' && !empty($value)) {
$output .= '<input type="hidden" name="' . $this->prefixId . '[' . $piVar . ']" value="' . htmlspecialchars($value) . '" />';
$output .= '<input type="hidden" name="' . $this->prefixId . '[' . preg_replace('/[^A-Za-z0-9_-]/', '', $piVar) . ']" value="' . htmlspecialchars($value) . '" />';
}
}
// Add page selector.
2 changes: 1 addition & 1 deletion Documentation/Settings.cfg
@@ -1,6 +1,6 @@
[general]
project = Kitodo.Presentation
release = 3.1.0
release = 3.1.2
copyright = since 2017 by Kitodo Release Management Team

[html_theme_options]
3 changes: 2 additions & 1 deletion SECURITY.md
Expand Up @@ -8,7 +8,8 @@ The following versions of Kitodo.Presentation are currently being supported with
| ------- | ------------- | :----------------------: | :----------------------: |
| 3.1.x | 8 LTS + 9 LTS | :heavy_check_mark: | :heavy_check_mark: |
| 3.0.x | 8 LTS | :heavy_multiplication_x: | :heavy_multiplication_x: |
| 2.2.x | 6 LTS + 7 LTS | :heavy_multiplication_x: | :heavy_check_mark: |
| 2.3.x | 6 LTS + 7 LTS | :heavy_multiplication_x: | :heavy_check_mark: |
| 2.2.x | 6 LTS + 7 LTS | :heavy_multiplication_x: | :heavy_multiplication_x: |
| 2.1.x | 6 LTS + 7 LTS | :heavy_multiplication_x: | :heavy_multiplication_x: |
| 2.0.x | 6 LTS + 7 LTS | :heavy_multiplication_x: | :heavy_multiplication_x: |
| 1.x | 4 LTS + 6 LTS | :heavy_multiplication_x: | :heavy_multiplication_x: |
2 changes: 1 addition & 1 deletion ext_emconf.php
Expand Up @@ -13,7 +13,7 @@
$EM_CONF[$_EXTKEY] = [
'title' => 'Kitodo.Presentation',
'description' => 'Base plugins, modules, services and API of the Digital Library Framework. It is part of the community-based Kitodo Digitization Suite.',
'version' => '3.1.1',
'version' => '3.1.2',
'category' => 'misc',
'constraints' => [
'depends' => [
