Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat/dependencies #1833

Merged
merged 7 commits into from
Jun 4, 2022
Merged

Feat/dependencies #1833

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
66f3436
fix: Fix XSS when displaying URL on search account view.
nuxsmin Jun 4, 2022
e009cbb
fix: Fix XSS when displaying URL on account view.
nuxsmin Jun 4, 2022
c08fd66
fix: Fix XSS when displaying some URLs.
nuxsmin Jun 4, 2022
bc73033
fix: Fix XSS when displaying some URLs.
nuxsmin Jun 4, 2022
8f21d7d
chore: Bump version number.
nuxsmin Jun 4, 2022
2b3abd3
build: Update dependencies.
nuxsmin Jun 4, 2022
a1bbd5f
build: Update dependencies.
nuxsmin Jun 4, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion app/modules/web/themes/material-blue/views/account/account-editpass.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ $accountAcl = $_getvar('accountAcl');
<div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
<input id="url" name="url" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $accountData->getUrl(); ?>"
value="<?php echo htmlspecialchars($accountData->getUrl(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="url"><?php echo __('URL / IP'); ?></label>
Expand Down
2 changes: 1 addition & 1 deletion app/modules/web/themes/material-blue/views/account/account-history.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -110,7 +110,7 @@ $accountAcl = $_getvar('accountAcl');
<input id="url" name="url" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="255" tabindex="4"
value="<?php echo $accountData->getUrl(); ?>"
value="<?php echo htmlspecialchars($accountData->getUrl(), ENT_QUOTES); ?>"
readonly>
<label class="mdl-textfield__label"
for="name"><?php echo __('Access URL or IP'); ?></label>
Expand Down
2 changes: 1 addition & 1 deletion app/modules/web/themes/material-blue/views/account/account.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ $showCustomFields = count($_getvar('customFields', 0)) > 0;
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="255"
value="<?php echo $gotData
? $accountData->getUrl()
? htmlspecialchars($accountData->getUrl(), ENT_QUOTES)
: ''; ?>"
<?php echo $_getvar('readonly'); ?>
>
Expand Down
8 changes: 4 additions & 4 deletions app/modules/web/themes/material-blue/views/account/search-rows.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -102,13 +102,13 @@ $favoriteRouteOff = $_getvar('favoriteRouteOff');
<div class="field-url field-text label-field">
<div class="field-name"><?php echo __('URL / IP'); ?></div>
<?php if ($accountSearchItem->isUrlIslink()): ?>
<a href="<?php echo $accountSearchData->getUrl(); ?>"
<a href="<?php echo urlencode($accountSearchData->getUrl()); ?>"
target="_blank"
title="<?php printf(__('Open link to: %s'), $accountSearchData->getUrl()); ?>">
<?php echo $accountSearchItem->getShortUrl(); ?>
title="<?php printf(__('Open link to: %s'), htmlspecialchars($accountSearchData->getUrl(), ENT_QUOTES)); ?>">
<?php echo htmlspecialchars($accountSearchItem->getShortUrl(), ENT_QUOTES); ?>
</a>
<?php else: ?>
<div class="field-text"><?php echo $accountSearchItem->getShortUrl(); ?></div>
<div class="field-text"><?php echo htmlspecialchars($accountSearchItem->getShortUrl(), ENT_QUOTES); ?></div>
<?php endif; ?>
</div>
<?php else: ?>
Expand Down
2 changes: 1 addition & 1 deletion app/modules/web/themes/material-blue/views/config/general-auth.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ use SP\Mvc\View\Template;
<input id="authbasic_domain" name="authbasic_domain" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getAuthBasicDomain(); ?>">
value="<?php echo htmlspecialchars($configData->getAuthBasicDomain(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="authbasic_domain"><?php echo __('Domain name'); ?></label>
</div>
Expand Down
2 changes: 1 addition & 1 deletion app/modules/web/themes/material-blue/views/config/general-events.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ use SP\Mvc\View\Template;
<input id="remotesyslog_server" name="remotesyslog_server"
type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $configData->getSyslogServer(); ?>"/>
value="<?php echo htmlspecialchars($configData->getSyslogServer(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="remotesyslog_server"><?php echo __('Hostname or IP address'); ?></label>
</div>
Expand Down
4 changes: 2 additions & 2 deletions app/modules/web/themes/material-blue/views/config/general-proxy.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ use SP\Mvc\View\Template;
<input id="proxy_server" name="proxy_server" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getProxyServer(); ?>">
value="<?php echo htmlspecialchars($configData->getProxyServer(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="proxy_server"><?php echo __('Proxy server'); ?></label>
</div>
Expand Down Expand Up @@ -80,7 +80,7 @@ use SP\Mvc\View\Template;
<input id="proxy_user" name="proxy_user" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getProxyUser(); ?>">
value="<?php echo htmlspecialchars($configData->getProxyUser(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="proxy_user"><?php echo __('Proxy server user'); ?></label>
</div>
Expand Down
2 changes: 1 addition & 1 deletion app/modules/web/themes/material-blue/views/config/general-site.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -118,7 +118,7 @@ use SP\Mvc\View\Template;
<input id="app_url" name="app_url" type="url"
pattern="^https?://.*"
class="mdl-textfield__input mdl-color-text--indigo-400"
value="<?php echo $configData->getApplicationUrl(); ?>"/>
value="<?php echo htmlspecialchars($configData->getApplicationUrl(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="app_url"><?php echo __('Application URL'); ?></label>
</div>
Expand Down
8 changes: 4 additions & 4 deletions app/modules/web/themes/material-blue/views/config/ldap.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,7 @@ use SP\Mvc\View\Template;
<input id="ldap_server" name="ldap_server" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getLdapServer(); ?>"/>
value="<?php echo htmlspecialchars($configData->getLdapServer(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="ldap_server"><?php echo __('Server'); ?></label>
</div>
Expand Down Expand Up @@ -156,7 +156,7 @@ use SP\Mvc\View\Template;
<input id="ldap_binduser" name="ldap_binduser" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getLdapBindUser(); ?>"/>
value="<?php echo htmlspecialchars($configData->getLdapBindUser(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="ldap_binduser"><?php echo __('User'); ?></label>
</div>
Expand Down Expand Up @@ -223,7 +223,7 @@ use SP\Mvc\View\Template;
<input id="ldap_base" name="ldap_base" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getLdapBase(); ?>"/>
value="<?php echo htmlspecialchars($configData->getLdapBase(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="ldap_base"><?php echo __('Search base'); ?></label>
</div>
Expand Down Expand Up @@ -259,7 +259,7 @@ use SP\Mvc\View\Template;
<input id="ldap_group" name="ldap_group" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getLdapGroup(); ?>"/>
value="<?php echo htmlspecialchars($configData->getLdapGroup(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="ldap_group"><?php echo __('Group'); ?></label>
</div>
Expand Down
6 changes: 3 additions & 3 deletions app/modules/web/themes/material-blue/views/config/mail.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ use SP\Mvc\View\Template;
<input id="mail_server" name="mail_server" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getMailServer(); ?>"/>
value="<?php echo htmlspecialchars($configData->getMailServer(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="mail_server"><?php echo __('Server'); ?></label>
</div>
Expand Down Expand Up @@ -126,7 +126,7 @@ use SP\Mvc\View\Template;
<input id="mail_user" name="mail_user" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="50"
value="<?php echo $configData->getMailUser(); ?>"/>
value="<?php echo htmlspecialchars($configData->getMailUser(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="mail_user"><?php echo __('User'); ?></label>
</div>
Expand Down Expand Up @@ -173,7 +173,7 @@ use SP\Mvc\View\Template;
<input id="mail_from" name="mail_from" type="email"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getMailFrom(); ?>"/>
value="<?php echo htmlspecialchars($configData->getMailFrom(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="mail_from"><?php echo __('Sender email address'); ?></label>
</div>
Expand Down
6 changes: 3 additions & 3 deletions app/modules/web/themes/material-blue/views/config/wiki-dokuwiki.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ use SP\Mvc\View\Template;
<input id="dokuwiki_url" name="dokuwiki_url" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="255"
value="<?php echo $configData->getDokuwikiUrl(); ?>"/>
value="<?php echo htmlspecialchars($configData->getDokuwikiUrl(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="dokuwiki_url"><?php echo __('API URL'); ?></label>
</div>
Expand Down Expand Up @@ -118,7 +118,7 @@ use SP\Mvc\View\Template;
type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="255"
value="<?php echo $configData->getDokuwikiUrlBase(); ?>"/>
value="<?php echo htmlspecialchars($configData->getDokuwikiUrlBase(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="dokuwiki_urlbase"><?php echo __('Base URL'); ?></label>
</div>
Expand All @@ -141,7 +141,7 @@ use SP\Mvc\View\Template;
<input id="dokuwiki_user" name="dokuwiki_user" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="128"
value="<?php echo $configData->getDokuwikiUser(); ?>"/>
value="<?php echo htmlspecialchars($configData->getDokuwikiUser(), ENT_QUOTES); ?>"/>
<label class="mdl-textfield__label"
for="dokuwiki_user"><?php echo __('User'); ?></label>
</div>
Expand Down
4 changes: 2 additions & 2 deletions app/modules/web/themes/material-blue/views/config/wiki.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ use SP\Mvc\View\Template;
<input id="wiki_searchurl" name="wiki_searchurl" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="255"
value="<?php echo $configData->getWikiSearchurl(); ?>">
value="<?php echo htmlspecialchars($configData->getWikiSearchurl(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="wiki_searchurl"><?php echo __('Wiki search URL'); ?></label>
</div>
Expand Down Expand Up @@ -109,7 +109,7 @@ use SP\Mvc\View\Template;
<input id="wiki_pageurl" name="wiki_pageurl" type="text"
class="mdl-textfield__input mdl-color-text--indigo-400"
maxlength="255"
value="<?php echo $configData->getWikiPageurl(); ?>">
value="<?php echo htmlspecialchars($configData->getWikiPageurl(), ENT_QUOTES); ?>">
<label class="mdl-textfield__label"
for="wiki_pageurl"><?php echo __('Wiki page URL'); ?></label>
</div>
Expand Down
2 changes: 1 addition & 1 deletion composer.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,6 @@
"docs": "https://doc.syspass.org"
},
"require": {
"roave/security-advisories": "dev-master",
"php": "~7.4",
"defuse/php-encryption": "^2.1",
"phpmailer/phpmailer": "^6.0",
Expand All @@ -41,6 +40,7 @@
"ext-mbstring": "*"
},
"require-dev": {
"roave/security-advisories": "dev-latest",
"phpunit/phpunit": "^6",
"phpunit/dbunit": "^3",
"fzaninotto/faker": "^v1.8",
Expand Down
Loading