From fd33fbbfae8d980b8fd96d841a74d027752f396f Mon Sep 17 00:00:00 2001 From: epriestley Date: Sat, 2 Jul 2016 05:17:05 -0700 Subject: [PATCH] (stable) Fix an XSS issue where Diffusion files exceeding the highlighting byte limit were not properly escaped Fixes T11257. Auditors: chad --- .../controller/DiffusionBrowseController.php | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/applications/diffusion/controller/DiffusionBrowseController.php b/src/applications/diffusion/controller/DiffusionBrowseController.php index 30c2b8265d..2d0ea7770b 100644 --- a/src/applications/diffusion/controller/DiffusionBrowseController.php +++ b/src/applications/diffusion/controller/DiffusionBrowseController.php @@ -682,17 +682,21 @@ final class DiffusionBrowseController extends DiffusionController { $blame_commits, $show_blame); } else { - if ($can_highlight) { - require_celerity_resource('syntax-highlighting-css'); + require_celerity_resource('syntax-highlighting-css'); + if (!$can_highlight) { $highlighted = PhabricatorSyntaxHighlighter::highlightWithFilename( $path, $file_corpus); - $lines = phutil_split_lines($highlighted); } else { - $lines = phutil_split_lines($file_corpus); + // Highlight as plain text to escape the content properly. + $highlighted = PhabricatorSyntaxHighlighter::highlightWithLanguage( + 'txt', + $file_corpus); } + $lines = phutil_split_lines($highlighted); + $rows = $this->buildDisplayRows( $lines, $blame_list,