authorRemi Collet <remi@remirepo.net>2017-10-05 10:07:20 +0200
committerRemi Collet <remi@remirepo.net>2017-10-05 10:07:20 +0200
commit4aa2eda32c67dd5579f1aee3d108b7577ca0798b (patch)
treea9efdb34b402b1bd8c14aacdd7a2d1b089606ba8
parentd1250fcf410ff969a76180d42ca1cf688d7ffd09 (diff)
fix XSS, OBB-318298
-rw-r--r--zoom.php31
1 files changed, 18 insertions, 13 deletions
diff --git a/zoom.php b/zoom.php
index 648939f..48f1776 100644
--- a/zoom.php
+++ b/zoom.php
@@ -41,19 +41,6 @@ $fedcli = new FedoraPkgdb();
$name = $_GET['rpm'];
$type = (isset($_GET['type']) ? $_GET['type'] : "html");
-$smarty->assign('name_required', true);
-$smarty->assign('name', $name);
-$ariane[] = array(
- 'url' => '#',
- 'text' => 'Package: ' . $name
-);
-$ajax_infos = '<span class="ajax">(wait for ajax or <a href="' .
- $_SERVER['PHP_SELF'] . '?rpm='.$name.
- '&amp;pkgdb=1">reload with pkgdb</a>)</span>';
-$smarty->assign('ajax_infos', $ajax_infos);
-$smarty->assign('ariane', $ariane);
-$smarty->assign('page_title', 'Package: ' . $name);
-
/**
* Retrieve people informations for a specific branch
*
@@ -129,8 +116,13 @@ if ( !isset($name) || !$name ) {
$packages = array();
$fedpkg = false;
if (!$rpm) {
+ // cleanup the name
+ $name = preg_replace("/[^a-zA-Z0-9-_]/", ".", $name);
echo "<h1>$name not found</h1>\n";
} else {
+ // use name from the DB
+ $name = $rpm->name;
+
if ($rpm->summary) {
$summary['Summary'] = $rpm->summary;
} else if ($owner->summary) {
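Review bot: The whitelist on the added line `$name = preg_replace("/[^a-zA-Z0-9-_]/", ".", $name);` relies on PCRE treating the `-` that follows the `0-9` range as a literal; that is correct but easy to misread as a range, so put it last or escape it, `$name = preg_replace('/[^a-zA-Z0-9_-]/', '.', $name);`. Characters that are legal in package names but outside the class, such as `+`, are silently rewritten to `.`, so the not-found message for a name like `libstdc++` would read `libstdc..`; the sanitised value also feeds the Smarty assignments and the `rpm=` link added later in this commit, which is presumably why a whitelist was preferred over escaping, and a comment stating that would help, e.g. `// whitelist, not escape: $name is reused in the page title and the reload URL below`. Escaping at the `echo` sink with `htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` would keep the display safe even if the class is later widened. The `else` branch that starts in this hunk continues outside it.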
@@ -214,6 +206,19 @@ if ( !isset($name) || !$name ) {
}
}
+$smarty->assign('name', $name);
+$smarty->assign('name_required', true);
+$ariane[] = array(
+ 'url' => '#',
+ 'text' => 'Package: ' . $name
+);
+$ajax_infos = '<span class="ajax">(wait for ajax or <a href="' .
+ $_SERVER['PHP_SELF'] . '?rpm='.$name.
+ '&amp;pkgdb=1">reload with pkgdb</a>)</span>';
+$smarty->assign('ajax_infos', $ajax_infos);
+$smarty->assign('ariane', $ariane);
+$smarty->assign('page_title', 'Package: ' . $name);
+
if ($type == "json") {
// Displays the output as json (TODO : why not use json_encode)
header('Content-Type: application/json');