Unverified Commit 22c797c3 authored by Gary Allan's avatar Gary Allan

Bugfix: XSS (reflected) in import previews

Reported by Faisal Fs <faisalfs10x@gmail.com>
parent 5852574f
......@@ -65,7 +65,7 @@ if (strtolower($filetype) == "csv") {
foreach ($cols as $val) {
$col++;
# map import columns to expected fields as per previous window
$fieldmap[$col] = $impfields[$val];
$fieldmap[$col] = escape_input(trim($impfields[$val]));
$hcol = $col;
}
......@@ -81,7 +81,7 @@ if (strtolower($filetype) == "csv") {
$Result->show('danger', _("Extra column found on line ").$row._(" in CSV file. CSV delimiter used in value field?"), true);
} else {
# read each row into a dictionary with expected fields as keys
$record[$fieldmap[$col]] = trim($val);
$record[$fieldmap[$col]] = escape_input(trim($val));
}
}
$data[] = $record;
......@@ -97,7 +97,7 @@ elseif(strtolower($filetype) == "xls") {
# map import columns to expected fields as per previous window
for($col=1;$col<=$xls->colcount($sheet);$col++) {
$fieldmap[$col] = $impfields[$Tools->convert_encoding_to_UTF8($xls->val($row,$col,$sheet))];
$fieldmap[$col] = $impfields[escape_input($Tools->convert_encoding_to_UTF8($xls->val($row,$col,$sheet)))];
$hcol = $col;
}
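Review bot: The XLS header branch escapes the lookup key rather than the mapped value, which is the opposite of what the CSV branch does at line 20 (`escape_input(trim($impfields[$val]))`); a header cell containing a character that `escape_input` rewrites will then miss its `$impfields` entry, while the value actually stored in `$fieldmap` stays unescaped. Aligning it with the CSV branch gives `$fieldmap[$col] = escape_input(trim($impfields[$Tools->convert_encoding_to_UTF8($xls->val($row,$col,$sheet))]));`. More generally, lines 28 and 48 apply `escape_input` while parsing and the result is appended to `$data`; if `$data` also feeds the real import and not only the preview, the escaped form is what gets persisted, so escaping at the point where the preview is rendered would be the safer place — I cannot see from these hunks how `$data` is consumed, so please confirm. The enclosing `elseif` block starts before this hunk.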
......@@ -105,15 +105,12 @@ elseif(strtolower($filetype) == "xls") {
for($row=2;$row<=$xls->rowcount($sheet);$row++) {
$record = array();
for($col=1;$col<=$xls->colcount($sheet);$col++) {
$record++;
if ($col > $hcol) {
$Result->show('danger', _("Extra column found on line ").$row._(" in XLS file. Please check input file."), true);
} else {
$record[$fieldmap[$col]] = trim($Tools->convert_encoding_to_UTF8($xls->val($row,$col,$sheet)));
$record[$fieldmap[$col]] = escape_input(trim($Tools->convert_encoding_to_UTF8($xls->val($row,$col,$sheet))));
}
}
$data[] = $record;
}
}
?>
......@@ -92,6 +92,7 @@
+ XSS (reflected) in 'find subnets';
+ Incorrect privilege assignments (#3506);
+ XXS (reflected) in ripe-arin-query;
+ XSS (reflected) in import previews;
Translations:
----------------------------