CC-4894: Need to filter output for potential XSS exploits

-fixed few areas
2013-01-29 15:17:29 -05:00 · 2013-01-29 15:17:29 -05:00 · b15c4569eb
parent 9d4e0d2dd1
commit b15c4569eb
9 changed files with 20 additions and 9 deletions
--- a/airtime_mvc/application/controllers/LibraryController.php
+++ b/airtime_mvc/application/controllers/LibraryController.php
@ -385,6 +385,15 @@ class LibraryController extends Zend_Controller_Action
        //TODO move this to the datatables row callback.
        foreach ($r["aaData"] as &$data) {

+            foreach ($data as $k => &$v) {
+                if ($k != "image" && $k != "checkbox") {
+                    $v = htmlspecialchars($v);
+                }
+            }
+            //TODO: Replace the above foreach loop with the line below when ticket
+            //CC-4896 is completed.
+            //$data = array_map('htmlspecialchars', $data);
+
            if ($data['ftype'] == 'audioclip') {
                $file = Application_Model_StoredFile::Recall($data['id']);
                $scid = $file->getSoundCloudId();
--- a/airtime_mvc/application/controllers/UserController.php
+++ b/airtime_mvc/application/controllers/UserController.php
@ -115,7 +115,7 @@ class UserController extends Zend_Controller_Action
        $post = $this->getRequest()->getPost();
        $users = Application_Model_User::getUsersDataTablesInfo($post);

-        die(json_encode($users));
+        $this->_helper->json->sendJson($users);
    }

    public function getUserDataAction()
--- a/airtime_mvc/application/layouts/scripts/layout.phtml
+++ b/airtime_mvc/application/layouts/scripts/layout.phtml
@ -24,7 +24,7 @@
    <div class="personal-block solo">
        <ul>
          <li>
-            <a id="current-user" href=<?php echo $baseUrl . "User/edit-user"?>><span class="name"><?php echo $this->loggedInAs()?></span></a> | <a href=<?php echo $baseUrl . "Login/logout"?>><?php echo _("Logout")?></a>
+            <a id="current-user" href=<?php echo $baseUrl . "User/edit-user"?>><span class="name"><?php echo $this->escape($this->loggedInAs()); ?></span></a> | <a href=<?php echo $baseUrl . "Login/logout"?>><?php echo _("Logout")?></a>
          </li>
        </ul>
    </div>
--- a/airtime_mvc/application/models/ShowBuilder.php
+++ b/airtime_mvc/application/models/ShowBuilder.php
@ -227,7 +227,7 @@ class Application_Model_ShowBuilder
        $row["endDate"]   = $showEndDT->format("Y-m-d");
        $row["endTime"]   = $showEndDT->format("H:i");
        $row["duration"]  = floatval($showEndDT->format("U.u")) - floatval($showStartDT->format("U.u"));
-        $row["title"]     = $p_item["show_name"];
+        $row["title"]     = htmlspecialchars($p_item["show_name"]);
        $row["instance"]  = intval($p_item["si_id"]);
        $row["image"]     = '';

--- a/airtime_mvc/application/models/User.php
+++ b/airtime_mvc/application/models/User.php
@ -335,6 +335,8 @@ class Application_Model_User
            } else {
                $record['delete'] = "";
            }
+
+            $record = array_map('htmlspecialchars', $record);
        }

        return $res;
--- a/airtime_mvc/application/views/scripts/form/edit-user.phtml
+++ b/airtime_mvc/application/views/scripts/form/edit-user.phtml
@ -1,4 +1,4 @@
-<h2><? echo sprintf(_("%s's Settings"), $this->currentUser) ?></h2>
+<h2><? echo sprintf(_("%s's Settings"), $this->escape($this->currentUser)) ?></h2>
 <div id="current-user-container">
 <form id="current-user-form" class="edit-user-global" method="post" enctype="application/x-www-form-urlencoded">
    <dl class="zend_form">
@ -160,4 +160,4 @@
        <button type="submit" id="cu_save_user" class="btn btn-small right-floated"><?php echo _("Save")?></button>
    </dl>
 </form>
-</div>
+</div>
--- a/airtime_mvc/application/views/scripts/form/preferences_watched_dirs.phtml
+++ b/airtime_mvc/application/views/scripts/form/preferences_watched_dirs.phtml
@ -11,7 +11,7 @@
            <?php if($this->element->getElement('storageFolder')->hasErrors()) : ?>
                <ul class='errors'>
                    <?php foreach($this->element->getElement('storageFolder')->getMessages() as $error): ?>
-                        <li><?php echo $error; ?></li>
+                        <li><?php echo $this->escape($error); ?></li>
                    <?php endforeach; ?>
                </ul>
            <?php endif; ?>
@ -29,7 +29,7 @@
            <?php if($this->element->getElement('watchedFolder')->hasErrors()) : ?>
                <ul class='errors'>
                    <?php foreach($this->element->getElement('watchedFolder')->getMessages() as $error): ?>
-                        <li><?php echo $error; ?></li>
+                        <li><?php echo $this->escape($error); ?></li>
                    <?php endforeach; ?>
                </ul>
            <?php endif; ?>
--- a/airtime_mvc/application/views/scripts/playlist/playlist.phtml
+++ b/airtime_mvc/application/views/scripts/playlist/playlist.phtml
@ -39,7 +39,7 @@ if (isset($this->obj)) {
    <input id='obj_type' type='hidden' value='playlist'></input>
    <div class="playlist_title">
        <h3 id="obj_name">
-            <a id="playlist_name_display" contenteditable="true"><?php echo $this->obj->getName(); ?></a>
+            <a id="playlist_name_display" contenteditable="true"><?php echo $this->escape($this->obj->getName()); ?></a>
        </h3>
        <h4 id="obj_length"><?php echo $this->length; ?></h4>
    </div>
--- a/airtime_mvc/public/js/airtime/preferences/streamsetting.js
+++ b/airtime_mvc/public/js/airtime/preferences/streamsetting.js
@ -28,7 +28,7 @@ function rebuildStreamURL(ele){
    }else{
        streamurl = "http://"+host+":"+port+"/"
    }
-    div.find("#stream_url").html(streamurl)
+    div.find("#stream_url").text(streamurl)
 }
 function restrictOggBitrate(ele, on){
    var div = ele.closest("div")