authorAndy Staudacher <andy.st@gmail.com>2009-08-31 02:12:01 -0700
committerAndy Staudacher <andy.st@gmail.com>2009-08-31 02:12:01 -0700
commit8312eb116e65195e3fc70d59b3b0817b9c807287 (patch)
tree1a7191e21d19c92cd5fa843144356a8bd950ef06
parent26f6d8192ffdfd0280987ec2b9df0305e983746d (diff)
XSS review fixes (mostly adding missing html::mark_clean() calls).
-rw-r--r--modules/akismet/controllers/admin_akismet.php3
-rw-r--r--modules/gallery/controllers/admin_advanced_settings.php2
-rw-r--r--modules/gallery/controllers/admin_maintenance.php2
-rw-r--r--modules/gallery/controllers/albums.php238
-rw-r--r--modules/gallery/controllers/photos.php3
-rw-r--r--modules/gallery/helpers/graphics.php4
-rw-r--r--modules/notification/controllers/notification.php4
-rw-r--r--modules/slideshow/helpers/slideshow_event.php2
8 files changed, 130 insertions, 128 deletions
diff --git a/modules/akismet/controllers/admin_akismet.php b/modules/akismet/controllers/admin_akismet.php
index 9ba89bd4..ca3a1473 100644
--- a/modules/akismet/controllers/admin_akismet.php
+++ b/modules/akismet/controllers/admin_akismet.php
@@ -45,7 +45,8 @@ class Admin_Akismet_Controller extends Admin_Controller {
message::success(t("Your Akismet key has been saved."));
}
- log::success("akismet", t("Akismet key changed to $new_key"));
+ log::success("akismet", t("Akismet key changed to %new_key",
+ array("new_key" => $new_key)));
module::set_var("akismet", "api_key", $new_key);
akismet::check_config();
url::redirect("admin/akismet");
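Review bot: The new log::success call still writes the Akismet API key itself into the log, so fixing the escaping leaves a secret-disclosure problem: anyone who can read the admin log, or a log export or backup, learns a live credential. Log the event without the value, `log::success("akismet", t("Akismet key changed"));`, or at most a truncated fingerprint of it. The move from literal interpolation to a `%new_key` placeholder is the right shape for the escaping fix, presumably because t() HTML-escapes substituted arguments while the interpolated form bypassed that entirely. The enclosing method starts outside the hunk.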
diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index 43c77340..79bc1183 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
module::set_var($module_name, $var_name, Input::instance()->post("value"));
message::success(
t("Saved value for %var (%module_name)",
- array("var" => html::clean($var_name), "module_name" => $module_name)));
+ array("var" => $var_name, "module_name" => $module_name)));
print json_encode(array("result" => "success"));
}
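Review bot: With html::clean dropped from the `var` argument, this message now relies entirely on t() escaping its substitution values, and nothing in the hunk records that assumption even though `$var_name` is admin-supplied input going straight into rendered HTML. If t() does escape non-clean arguments (the rest of this commit wraps values in html::mark_clean/html::purify precisely to opt out of that), the removal is correct and avoids double-escaping; a one-line comment above the call, `// t() HTML-escapes its arguments; do not pre-clean them`, would stop a later reviewer from re-adding the clean. If t() does not escape, this hunk reintroduces the XSS the clean was guarding against, so it is worth confirming against the I18n helper. The enclosing method starts outside the hunk.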
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index 543961a1..66bcce55 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -34,7 +34,7 @@ class Admin_Maintenance_Controller extends Admin_Controller {
"%count tasks are stalled",
$stalled_count),
t('<a href="%url">view</a>',
- array("url" => url::site("admin/maintenance"))));
+ array("url" => html::mark_clean(url::site("admin/maintenance")))));
}
$view = new Admin_View("admin.html");
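Review bot: html::mark_clean asserts the value is already safe HTML, but `url::site("admin/maintenance")` is never escaped before it lands inside `href="%url"`, so the attribute's safety now rests on url::site's output containing no `"` or `<`. The path is a literal, so the only variable part is the base URL url::site prepends: fine if that comes from configuration, not fine if it can be influenced by the request Host header — worth confirming. Escaping first and then marking clean, `html::mark_clean(html::clean(url::site("admin/maintenance")))`, keeps the intent (no double escaping by t()) without trusting url::site. The enclosing method starts outside the hunk.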
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index ec3eb426..78f12c80 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -1,118 +1,118 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class Albums_Controller extends Items_Controller {
-
- /**
- * @see REST_Controller::_show($resource)
- */
- public function _show($album) {
- $page_size = module::get_var("gallery", "page_size", 9);
- if (!access::can("view", $album)) {
- if ($album->id == 1) {
- $view = new Theme_View("page.html", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = user::get_login_form("login/auth_html");
- print $view;
- return;
- } else {
- access::forbidden();
- }
- }
-
- $show = $this->input->get("show");
-
- if ($show) {
- $index = $album->get_position($show);
- $page = ceil($index / $page_size);
- if ($page == 1) {
- url::redirect("albums/$album->id");
- } else {
- url::redirect("albums/$album->id?page=$page");
- }
- }
-
- $page = $this->input->get("page", "1");
- $children_count = $album->viewable()->children_count();
- $offset = ($page - 1) * $page_size;
- $max_pages = max(ceil($children_count / $page_size), 1);
-
- // Make sure that the page references a valid offset
- if ($page < 1) {
- url::redirect("albums/$album->id");
- } else if ($page > $max_pages) {
- url::redirect("albums/$album->id?page=$max_pages");
- }
-
- $template = new Theme_View("page.html", "album");
- $template->set_global("page_size", $page_size);
- $template->set_global("item", $album);
- $template->set_global("children", $album->viewable()->children($page_size, $offset));
- $template->set_global("children_count", $children_count);
- $template->set_global("parents", $album->parents());
- $template->content = new View("album.html");
-
- // We can't use math in ORM or the query builder, so do this by hand. It's important
- // that we do this with math, otherwise concurrent accesses will damage accuracy.
- Database::instance()->query(
- "UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id");
-
- print $template;
- }
-
- /**
- * @see REST_Controller::_create($resource)
- */
- public function _create($album) {
- access::verify_csrf();
- access::required("view", $album);
- access::required("add", $album);
-
- switch ($this->input->post("type")) {
- case "album":
- return $this->_create_album($album);
-
- case "photo":
- return $this->_create_photo($album);
-
- default:
- access::forbidden();
- }
- }
-
- private function _create_album($album) {
- access::required("view", $album);
- access::required("add", $album);
-
- $form = album::get_add_form($album);
- if ($form->validate()) {
- $new_album = album::create(
- $album,
- $this->input->post("name"),
- $this->input->post("title", $this->input->post("name")),
- $this->input->post("description"),
- user::active()->id);
-
- log::success("content", "Created an album",
- html::anchor("albums/$new_album->id", "view album"));
- message::success(
- t("Created album %album_title", array("album_title" => $new_album->title)));
+ <?php defined("SYSPATH") or die("No direct script access.");
+ /**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+ class Albums_Controller extends Items_Controller {
+
+ /**
+ * @see REST_Controller::_show($resource)
+ */
+ public function _show($album) {
+ $page_size = module::get_var("gallery", "page_size", 9);
+ if (!access::can("view", $album)) {
+ if ($album->id == 1) {
+ $view = new Theme_View("page.html", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = user::get_login_form("login/auth_html");
+ print $view;
+ return;
+ } else {
+ access::forbidden();
+ }
+ }
+
+ $show = $this->input->get("show");
+
+ if ($show) {
+ $index = $album->get_position($show);
+ $page = ceil($index / $page_size);
+ if ($page == 1) {
+ url::redirect("albums/$album->id");
+ } else {
+ url::redirect("albums/$album->id?page=$page");
+ }
+ }
+
+ $page = $this->input->get("page", "1");
+ $children_count = $album->viewable()->children_count();
+ $offset = ($page - 1) * $page_size;
+ $max_pages = max(ceil($children_count / $page_size), 1);
+
+ // Make sure that the page references a valid offset
+ if ($page < 1) {
+ url::redirect("albums/$album->id");
+ } else if ($page > $max_pages) {
+ url::redirect("albums/$album->id?page=$max_pages");
+ }
+
+ $template = new Theme_View("page.html", "album");
+ $template->set_global("page_size", $page_size);
+ $template->set_global("item", $album);
+ $template->set_global("children", $album->viewable()->children($page_size, $offset));
+ $template->set_global("children_count", $children_count);
+ $template->set_global("parents", $album->parents());
+ $template->content = new View("album.html");
+
+ // We can't use math in ORM or the query builder, so do this by hand. It's important
+ // that we do this with math, otherwise concurrent accesses will damage accuracy.
+ Database::instance()->query(
+ "UPDATE {items} SET `view_count` = `view_count` + 1 WHERE `id` = $album->id");
+
+ print $template;
+ }
+
+ /**
+ * @see REST_Controller::_create($resource)
+ */
+ public function _create($album) {
+ access::verify_csrf();
+ access::required("view", $album);
+ access::required("add", $album);
+
+ switch ($this->input->post("type")) {
+ case "album":
+ return $this->_create_album($album);
+
+ case "photo":
+ return $this->_create_photo($album);
+
+ default:
+ access::forbidden();
+ }
+ }
+
+ private function _create_album($album) {
+ access::required("view", $album);
+ access::required("add", $album);
+
+ $form = album::get_add_form($album);
+ if ($form->validate()) {
+ $new_album = album::create(
+ $album,
+ $this->input->post("name"),
+ $this->input->post("title", $this->input->post("name")),
+ $this->input->post("description"),
+ user::active()->id);
+
+ log::success("content", "Created an album",
+ html::anchor("albums/$new_album->id", "view album"));
+ message::success(t("Created album %album_title",
+ array("album_title" => html::purify($new_album->title))));
print json_encode(
array("result" => "success",
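Review bot: `$page` is taken from the query string as a string and used directly in arithmetic (`$offset = ($page - 1) * $page_size`) and in the range checks, so a non-integer value such as `page=1.5` passes both guards and a fractional offset reaches `children($page_size, $offset)`, which presumably ends up in a LIMIT/OFFSET clause. Casting once, `$page = (int) $this->input->get("page", "1");`, makes the guards and the offset agree, and `$show` deserves the same treatment before `get_position`. Separately, `UPDATE {items} SET ... WHERE id = $album->id` interpolates into raw SQL; `$album->id` comes from the ORM and is presumably an integer, but an explicit `(int)` cast or the database layer's escaping would make that not depend on how the caller loaded the object. Note also that every line of the file appears in this hunk while only the message::success call materially changed, which suggests a whitespace or line-ending rewrite that hides the real edit from anyone reading the history.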
@@ -144,8 +144,8 @@ class Albums_Controller extends Items_Controller {
user::active()->id);
log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
- message::success(
- t("Added photo %photo_title", array("photo_title" => $photo->title)));
+ message::success(t("Added photo %photo_title",
+ array("photo_title" => html::purify($photo->title))));
print json_encode(
array("result" => "success",
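Review bot: html::purify on `$photo->title` means the flash message renders whatever markup the purifier lets through in the title, rather than showing the title as text; if titles are meant to be plain text, `html::clean($photo->title)` — or passing the raw title and letting t() escape it, as the advanced-settings hunk in this commit now does for `$var_name` — is the tighter choice and avoids running a purifier on every upload. I am inferring purify's behaviour from its name and from its use here as a mark-clean substitute; if it is a thin wrapper over clean the point is moot. The enclosing method starts outside the hunk.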
@@ -193,8 +193,8 @@ class Albums_Controller extends Items_Controller {
module::event("item_edit_form_completed", $album, $form);
log::success("content", "Updated album", "<a href=\"albums/$album->id\">view</a>");
- message::success(
- t("Saved album %album_title", array("album_title" => $album->title)));
+ message::success(t("Saved album %album_title",
+ array("album_title" => html::purify($album->title))));
print json_encode(
array("result" => "success",
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 3447b4c6..3b9662c7 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -86,7 +86,8 @@ class Photos_Controller extends Items_Controller {
log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
message::success(
- t("Saved photo %photo_title", array("photo_title" => $photo->title)));
+ t("Saved photo %photo_title",
+ array("photo_title" => html::purify($photo->title))));
print json_encode(
array("result" => "success",
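Review bot: html::purify on `$photo->title` lets purifier-approved markup in the title render inside the success message instead of displaying the title as text, which is a wider allowance than the other escaping fixes in this commit make for plain values. If titles are plain text, `html::clean($photo->title)` is the narrower call and cheaper than a purifier pass; if titles are intentionally allowed to carry markup, a short comment saying so at this call would make the choice deliberate rather than incidental. Purify's semantics are inferred from its name here and should be checked against the helper. The enclosing method starts outside the hunk.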
diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php
index acbcb9b2..521dc5a4 100644
--- a/modules/gallery/helpers/graphics.php
+++ b/modules/gallery/helpers/graphics.php
@@ -326,9 +326,9 @@ class graphics_Core {
t2("One of your photos is out of date. <a %attrs>Click here to fix it</a>",
"%count of your photos are out of date. <a %attrs>Click here to fix them</a>",
$count,
- array("attrs" => sprintf(
+ array("attrs" => html::mark_clean(sprintf(
'href="%s" class="gDialogLink"',
- url::site("admin/maintenance/start/gallery_task::rebuild_dirty_images?csrf=__CSRF__")))),
+ url::site("admin/maintenance/start/gallery_task::rebuild_dirty_images?csrf=__CSRF__"))))),
"graphics_dirty");
}
}
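Review bot: The URL from url::site is dropped unescaped into `href="%s" class="gDialogLink"` and the whole attribute string is then marked clean, so no HTML escaping is ever applied to the href value; mark_clean only stops t2() from escaping, it does not make the content safe. The path is a literal, so this is a hygiene point unless the base URL url::site prepends can be influenced by the request — worth confirming. Escape the value inside the sprintf, `html::clean(url::site("admin/maintenance/start/gallery_task::rebuild_dirty_images?csrf=__CSRF__"))`, and keep the mark_clean on the assembled result, which is then genuinely clean. The enclosing method starts outside the hunk.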
diff --git a/modules/notification/controllers/notification.php b/modules/notification/controllers/notification.php
index ffb4b46a..5745de5d 100644
--- a/modules/notification/controllers/notification.php
+++ b/modules/notification/controllers/notification.php
@@ -26,10 +26,10 @@ class Notification_Controller extends Controller {
if (notification::is_watching($item)) {
notification::remove_watch($item);
- message::success(sprintf(t("You are no longer watching %s"), $item->title));
+ message::success(sprintf(t("You are no longer watching %s"), html::purify($item->title)));
} else {
notification::add_watch($item);
- message::success(sprintf(t("You are now watching %s"), $item->title));
+ message::success(sprintf(t("You are now watching %s"), html::purify($item->title)));
}
url::redirect($item->url(array(), true));
}
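Review bot: These two messages still splice the title in with sprintf after t() has returned, so the title goes around t()'s argument handling entirely and html::purify is the only thing between `$item->title` and the page; every other message in this commit routes values through t()'s `%name` placeholders instead. Rewriting as `message::success(t("You are no longer watching %title", array("title" => html::purify($item->title))));`, and the same for the "now watching" case, puts both messages on the same escaping path as the rest of the code and gives translators a named placeholder rather than a bare `%s`. The enclosing method starts outside the hunk.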
diff --git a/modules/slideshow/helpers/slideshow_event.php b/modules/slideshow/helpers/slideshow_event.php
index 1b881de4..77e296e8 100644
--- a/modules/slideshow/helpers/slideshow_event.php
+++ b/modules/slideshow/helpers/slideshow_event.php
@@ -23,7 +23,7 @@ class slideshow_event_Core {
site_status::warning(
t("The Slideshow module requires the RSS module. " .
"<a href=\"%url\">Activate the RSS module now</a>",
- array("url" => url::site("admin/modules"))),
+ array("url" => html::mark_clean(url::site("admin/modules")))),
"slideshow_needs_rss");
} else {
site_status::clear("slideshow_needs_rss");
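Review bot: `url::site("admin/modules")` is marked clean without ever being escaped, so the `href="%url"` attribute in this warning is only as safe as url::site's output. With a literal path that reduces to the base URL url::site prepends — fine if it is configuration, not if it can be shaped by the request Host header, which is worth confirming. `html::mark_clean(html::clean(url::site("admin/modules")))` escapes first and still opts out of t()'s own escaping, so nothing is double-encoded. The enclosing method starts outside the hunk.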