Added some more protection against possible XSS attacks

thorsten · Sep 14, 2017 · 30b0025 · 30b0025
1 parent 169bdde
commit 30b0025
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 7 deletions.
diff --git a/phpmyfaq/admin/configuration.php b/phpmyfaq/admin/configuration.php
@@ -46,7 +46,12 @@
         // Set the new values
         $forbiddenValues = ['{', '}', '$'];
         $newConfigValues = [];
-        $escapeValues = ['main.contactInformations', 'main.customPdfHeader', 'main.customPdfFooter'];
+        $escapeValues = [
+            'main.contactInformations',
+            'main.customPdfHeader',
+            'main.customPdfFooter',
+            'main.titleFAQ'
+        ];
 
         // Special checks
         if (isset($editData['edit']['main.enableMarkdownEditor'])) {
@@ -58,7 +63,7 @@
             $newConfigValues[$key] = str_replace($forbiddenValues, '', $value);
             // Escape some values
             if (isset($escapeValues[$key])) {
-                $newConfigValues[$key] = PMF_String::htmlspecialchars($value, ENT_HTML5);
+                $newConfigValues[$key] = PMF_String::htmlspecialchars($value, ENT_QUOTES);
             }
             $keyArray = array_values(explode('.', $key));
             $newConfigClass = array_shift($keyArray);

diff --git a/phpmyfaq/inc/PMF/Faq.php b/phpmyfaq/inc/PMF/Faq.php
@@ -1602,7 +1602,7 @@ public function getRecordTitle($id)
 
         if ($this->_config->getDb()->numRows($result) > 0) {
             while ($row = $this->_config->getDb()->fetchObject($result)) {
-                $question = $row->question;
+                $question = PMF_String::htmlspecialchars($row->question);
             }
         } else {
             $question = $this->pmf_lang['no_cats'];

diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php
@@ -479,11 +479,11 @@
 
 $tplMainPage = array(
     'msgLoginUser' => $user->isLoggedIn() ? $user->getUserData('display_name') : $PMF_LANG['msgLoginUser'],
-    'title' => $faqConfig->get('main.titleFAQ').$title,
+    'title' => PMF_String::htmlspecialchars($faqConfig->get('main.titleFAQ').$title),
     'baseHref' => $faqSystem->getSystemUri($faqConfig),
     'version' => $faqConfig->get('main.currentVersion'),
-    'header' => str_replace('"', '', $faqConfig->get('main.titleFAQ')),
-    'metaTitle' => str_replace('"', '', $faqConfig->get('main.titleFAQ').$title),
+    'header' => PMF_String::htmlspecialchars(str_replace('"', '', $faqConfig->get('main.titleFAQ'))),
+    'metaTitle' => PMF_String::htmlspecialchars(str_replace('"', '', $faqConfig->get('main.titleFAQ').$title)),
     'metaDescription' => $metaDescription,
     'metaKeywords' => $keywords,
     'metaPublisher' => $faqConfig->get('main.metaPublisher'),

diff --git a/phpmyfaq/main.php b/phpmyfaq/main.php
@@ -77,6 +77,6 @@
     'index',
     'breadcrumb',
     [
-        'breadcrumbHeadline' => $faqConfig->get('main.titleFAQ')
+        'breadcrumbHeadline' => PMF_String::htmlspecialchars($faqConfig->get('main.titleFAQ'))
     ]
 );