XSS in Datenbankbeschreibung (8e10c62) - webinterface.git

XSS in Datenbankbeschreibung

Hanno commited on 2019-03-09 09:28:36
Zeige 2 geänderte Dateien mit 3 Einfügungen und 3 Löschungen.

modules/mysql/description.php 9142f92..7ecec2b
modules/mysql/overview.php 2ed3839..2140600

@@ -37,7 +37,7 @@ if (isset($_GET['db'])) {
         }
     }
     $form = '<p>Ändern Sie hier die Beschreibung der Datenbank <strong>'.$thisdb['name'].'</strong>.</p>';
-    $form .= '<p><input type="text" name="description" value="'.$thisdb['description'].'" /></p>
+    $form .= '<p><input type="text" name="description" value="'.filter_input_general($thisdb['description']).'" /></p>
 <p><input type="submit" value="Speichern" /></p>';
     output(html_form('mysql_description', 'save', "action=description&db={$thisdb['name']}", $form));
 }
@@ -49,7 +49,7 @@ if (isset($_GET['username'])) {
         }
     }
     $form = '<p>Ändern Sie hier die Beschreibung der Datenbank <strong>'.$thisuser['username'].'</strong>.</p>';
-    $form .= '<p><input type="text" name="description" value="'.$thisuser['description'].'" /></p>
+    $form .= '<p><input type="text" name="description" value="'.filter_input_general($thisuser['description']).'" /></p>
 <p><input type="submit" value="Speichern" /></p>';
     output(html_form('mysql_description', 'save', "action=description&username={$thisuser['username']}", $form));
 }

modules/mysql/overview.php

Zeige Datei @ 8e10c62

@@ -78,7 +78,7 @@ if (count($dbs) > 0 || count($users) > 0) {
         $phpmyadmin = "https://mysql-{$servers[$db['name']]}/";
         $desc = '';
         if ($db['description']) {
-            $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.$db['description'].'</span>';
+            $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.filter_input_general($db['description']).'</span>';
         }
         output("<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\"><span title=\"Erstellt: {$db['created']}\">{$db['name']}</span>".$desc."<br />");
         output(internal_link('description', other_icon("comment.png", 'Datenbank-Beschreibung ändern'), "db={$db['name']}")."&#160;");


...	...	@@ -37,7 +37,7 @@ if (isset($_GET['db'])) {
37	37	}
38	38	}
39	39	$form = '<p>Ändern Sie hier die Beschreibung der Datenbank <strong>'.$thisdb['name'].'</strong>.</p>';
40		- $form .= '<p><input type="text" name="description" value="'.$thisdb['description'].'" /></p>
	40	+ $form .= '<p><input type="text" name="description" value="'.filter_input_general($thisdb['description']).'" /></p>
41	41	<p><input type="submit" value="Speichern" /></p>';
42	42	output(html_form('mysql_description', 'save', "action=description&db={$thisdb['name']}", $form));
43	43	}
...	...	@@ -49,7 +49,7 @@ if (isset($_GET['username'])) {
49	49	}
50	50	}
51	51	$form = '<p>Ändern Sie hier die Beschreibung der Datenbank <strong>'.$thisuser['username'].'</strong>.</p>';
52		- $form .= '<p><input type="text" name="description" value="'.$thisuser['description'].'" /></p>
	52	+ $form .= '<p><input type="text" name="description" value="'.filter_input_general($thisuser['description']).'" /></p>
53	53	<p><input type="submit" value="Speichern" /></p>';
54	54	output(html_form('mysql_description', 'save', "action=description&username={$thisuser['username']}", $form));
55	55	}

...	...	@@ -78,7 +78,7 @@ if (count($dbs) > 0 \|\| count($users) > 0) {
78	78	$phpmyadmin = "https://mysql-{$servers[$db['name']]}/";
79	79	$desc = '';
80	80	if ($db['description']) {
81		- $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.$db['description'].'</span>';
	81	+ $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.filter_input_general($db['description']).'</span>';
82	82	}
83	83	output("<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\"><span title=\"Erstellt: {$db['created']}\">{$db['name']}</span>".$desc."<br />");
84	84	output(internal_link('description', other_icon("comment.png", 'Datenbank-Beschreibung ändern'), "db={$db['name']}")." ");
85	85