

bugfix: fixed XSS bugs in customer forms - better insecure html elimination based on htmlpurifier (LMS #1910)
chilek committed Jan 14, 2021
1 parent 778a765 commit 2043b14
Showing 2 changed files with 26 additions and 23 deletions.
16 changes: 8 additions & 8 deletions lib/LMSManagers/LMSCustomerManager.php
Expand Up @@ -591,10 +591,10 @@ public function customerAdd($customeradd)
'ssn' => $customeradd['ssn'],
'status' => $customeradd['status'],
SYSLOG::RES_USER => Auth::GetCurrentUser(),
'info' => Utils::removeInsecureHtmlElements($customeradd['info']),
'notes' => Utils::removeInsecureHtmlElements($customeradd['notes']),
'message' => Utils::removeInsecureHtmlElements($customeradd['message']),
'documentmemo' => empty($customeradd['documentmemo']) ? null : Utils::removeInsecureHtmlElements($customeradd['documentmemo']),
'info' => Utils::removeInsecureHtml($customeradd['info']),
'notes' => Utils::removeInsecureHtml($customeradd['notes']),
'message' => Utils::removeInsecureHtml($customeradd['message']),
'documentmemo' => empty($customeradd['documentmemo']) ? null : Utils::removeInsecureHtml($customeradd['documentmemo']),
'pin' => $customeradd['pin'],
'regon' => $customeradd['regon'],
'rbename' => $customeradd['rbename'],
Expand Down Expand Up @@ -1722,12 +1722,12 @@ public function customerUpdate($customerdata)
'ten' => $customerdata['ten'],
'ssn' => $customerdata['ssn'],
SYSLOG::RES_USER => Auth::GetCurrentUser(),
'info' => Utils::removeInsecureHtmlElements($customerdata['info']),
'notes' => Utils::removeInsecureHtmlElements($customerdata['notes']),
'info' => Utils::removeInsecureHtml($customerdata['info']),
'notes' => Utils::removeInsecureHtml($customerdata['notes']),
'lastname' => $customerdata['lastname'],
'name' => $customerdata['name'],
'message' => Utils::removeInsecureHtmlElements($customerdata['message']),
'documentmemo' => empty($customerdata['documentmemo']) ? null : Utils::removeInsecureHtmlElements($customerdata['documentmemo']),
'message' => Utils::removeInsecureHtml($customerdata['message']),
'documentmemo' => empty($customerdata['documentmemo']) ? null : Utils::removeInsecureHtml($customerdata['documentmemo']),
'pin' => $customerdata['pin'],
'regon' => $customerdata['regon'],
'ict' => $customerdata['ict'],
33 changes: 18 additions & 15 deletions lib/Utils.php
Expand Up @@ -441,23 +441,26 @@ public static function determineAllowedCustomerStatus($value, $default = null)
}
}

public static function removeInsecureHtmlElements($html)
public static function removeInsecureHtml($html)
{
$dom = new DOMDocument();

$dom->loadHTML(mb_convert_encoding($html, 'HTML-ENTITIES', "UTF-8"), LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD);

$scripts = $dom->getElementsByTagName('script');

$remove = array();
foreach ($scripts as $item) {
$remove[] = $item;
}

foreach ($remove as $item) {
$item->parentNode->removeChild($item);
static $hm_purifier;
if (!isset($hm_purifier)) {
$hm_config = HTMLPurifier_Config::createDefault();
$hm_config->set('URI.AllowedSchemes', array(
'http' => true,
'https' => true,
'mailto' => true,
'ftp' => true,
'nntp' => true,
'news' => true,
'tel' => true,
'cid' => true,
));
$hm_config->set('CSS.MaxImgLength', null);
$hm_config->set('HTML.MaxImgLength', null);
$hm_purifier = new HTMLPurifier($hm_config);
}

return trim($dom->saveHTML());
return $hm_purifier->purify($html);
}
}
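Review bot: removeInsecureHtml has no docblock even though it is now the single place where customer-entered HTML (info, notes, message, documentmemo) is made safe for display, and the two `MaxImgLength` settings widen the purifier's defaults without any explanation of why. Add a docblock above the `public static function removeInsecureHtml($html)` line stating that `$html` is untrusted user input, that the result is an HTML fragment reduced to HTMLPurifier's default allow-list plus the URI schemes listed in the config, and that the purifier instance is built once per process through the `static $hm_purifier` local. Above the two `->set('...MaxImgLength', null)` calls add `// lift HTMLPurifier's default cap on img width/height; oversized images are passed through unchanged` so the next reader knows the limit was dropped deliberately rather than overlooked. It is also worth confirming that every caller passes a string here, since the hunk does not show how `purify()` behaves on null, and that HTMLPurifier's definition cache directory is writable in deployment — as far as I recall it raises warnings and rebuilds its definitions on every call when it is not.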
