revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 08:52:39 +01:00
Code Issues Releases Wiki Activity

Fix XSS in Differential

Browse source 
Test Plan: Display a revision with file copied to ##<b>hack</b>##.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1411
This commit is contained in:
vrana 2012-01-15 22:25:53 -08:00
parent 59380582d8
commit 49a59bd885
2 changed files with 9 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/applications/differential/parser/changeset/DifferentialChangesetParser.php
View file

@ -1618,7 +1618,9 @@ class DifferentialChangesetParser {
case DifferentialChangeType::TYPE_COPY_HERE: case DifferentialChangeType::TYPE_COPY_HERE:
$message = $message =
"This {$files[$file]} was {$verb} ". "This {$files[$file]} was {$verb} ".
"<strong>{$changeset->getOldFile()}</strong>."; "<strong>".
phutil_escape_html($changeset->getOldFile()).
"</strong>.";
break; break;
case DifferentialChangeType::TYPE_MOVE_AWAY: case DifferentialChangeType::TYPE_MOVE_AWAY:
case DifferentialChangeType::TYPE_COPY_AWAY: case DifferentialChangeType::TYPE_COPY_AWAY:
@ -1627,11 +1629,11 @@ class DifferentialChangesetParser {
if (count($paths) > 1) { if (count($paths) > 1) {
$message = $message =
"This {$files[$file]} was {$verb}: ". "This {$files[$file]} was {$verb}: ".
"<strong>".implode(', ', $paths)."</strong>."; "<strong>".phutil_escape_html(implode(', ', $paths))."</strong>.";
} else { } else {
$message = $message =
"This {$files[$file]} was {$verb} ". "This {$files[$file]} was {$verb} ".
"<strong>".reset($paths)."</strong>."; "<strong>".phutil_escape_html(reset($paths))."</strong>.";
} }
break; break;
case DifferentialChangeType::TYPE_CHANGE: case DifferentialChangeType::TYPE_CHANGE:

8
src/applications/differential/view/difftableofcontents/DifferentialDiffTableOfContentsView.php
View file

@ -1,7 +1,7 @@
<?php <?php
/* /*
* Copyright 2011 Facebook, Inc. * Copyright 2012 Facebook, Inc.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -75,14 +75,14 @@ final class DifferentialDiffTableOfContentsView extends AphrontView {
$meta[] = 'Copied to multiple locations:'; $meta[] = 'Copied to multiple locations:';
} }
foreach ($away as $path) { foreach ($away as $path) {
$meta[] = $path; $meta[] = phutil_escape_html($path);
} }
$meta = implode('<br />', $meta); $meta = implode('<br />', $meta);
} else { } else {
if ($type == DifferentialChangeType::TYPE_MOVE_AWAY) { if ($type == DifferentialChangeType::TYPE_MOVE_AWAY) {
$meta = 'Moved to '.reset($away); $meta = 'Moved to '.phutil_escape_html(reset($away));
} else { } else {
$meta = 'Copied to '.reset($away); $meta = 'Copied to '.phutil_escape_html(reset($away));
} }
} }
} else { } else {