From 4aa2eda32c67dd5579f1aee3d108b7577ca0798b Mon Sep 17 00:00:00 2001
From: Remi Collet
Date: Thu, 5 Oct 2017 10:07:20 +0200
Subject: fix XSS, OBB-318298
---
 zoom.php | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)
diff --git a/zoom.php b/zoom.php
index 648939f..48f1776 100644
--- a/zoom.php
+++ b/zoom.php
@@ -41,19 +41,6 @@ $fedcli = new FedoraPkgdb();
 $name = $_GET['rpm'];
 $type = (isset($_GET['type']) ? $_GET['type'] : "html");
-$smarty->assign('name_required', true);
-$smarty->assign('name', $name);
-$ariane[] = array(
- 'url' => '#',
- 'text' => 'Package: ' . $name );
-$ajax_infos = '(wait for ajax or reload with pkgdb)';
-$smarty->assign('ajax_infos', $ajax_infos);
-$smarty->assign('ariane', $ariane);
-$smarty->assign('page_title', 'Package: ' . $name);
-
 /**
 * Retrieve people informations for a specific branch
 *
@@ -129,8 +116,13 @@ if ( !isset($name) || !$name ) {
 $packages = array();
 $fedpkg = false;
 if (!$rpm) {
+ // cleanup the name
+ $name = preg_replace("/[^a-zA-Z0-9-_]/", ".", $name);
 echo "

$name not found

\n";
 } else {
+ // use name from the DB
+ $name = $rpm->name;
+
 if ($rpm->summary) {
 $summary['Summary'] = $rpm->summary;
 } else if ($owner->summary) {
@@ -214,6 +206,19 @@ if ( !isset($name) || !$name ) {
 }
 }
+$smarty->assign('name', $name);
+$smarty->assign('name_required', true);
+$ariane[] = array(
+ 'url' => '#',
+ 'text' => 'Package: ' . $name );
+$ajax_infos = '(wait for ajax or reload with pkgdb)';
+$smarty->assign('ajax_infos', $ajax_infos);
+$smarty->assign('ariane', $ariane);
+$smarty->assign('page_title', 'Package: ' . $name);
+
 if ($type == "json") {
 // Displays the output as json (TODO : why not use json_encode)
 header('Content-Type: application/json');
-- cgit
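Review bot: The `preg_replace` added in the `if (!$rpm)` branch is a lossy whitelist applied only on the not-found path, not output escaping: `+` and `.` are legal in RPM package names (`libstdc++`, `python3.11`), so the "not found" message prints a mangled name while the real requirement is that the string is safe in the HTML the `echo` emits. Escaping at the point of output, e.g. interpolating `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')` into the `echo` instead of the raw `$name`, closes the XSS for any input and keeps the requested name readable, so the character-class rewrite becomes optional. If the cleanup stays, `[^a-zA-Z0-9_-]` expresses the same set without relying on PCRE's rule that a hyphen directly after a range is literal, which is the only reason `0-9-_` is not a range. Because `$name` is taken straight from `$_GET['rpm']` (hunk above), a request like `?rpm[]=x` makes it an array and `preg_replace` then returns an array, so a `(string)` cast or `is_string()` check near the assignment would keep both the lookup and this message well-defined. The enclosing `if ( !isset($name) || !$name )` block starts and ends outside the hunk.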
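Review bot: With the assignments moved below the lookup, the `name`, breadcrumb `text` and `page_title` values handed to Smarty are the unescaped `$rpm->name` on the found path, which is safe only if the templates escape them; nothing in this hunk does, and Smarty's `escape_html` is off by default unless the templates apply `|escape`. I would either confirm that every template use of these variables is escaped, or, if they are not, build the strings here as `'Package: ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')` so the page does not depend on template discipline (but not both, or the name is double-escaped). A short comment above the moved block, `// $name is now either the sanitized request value or the canonical name from the DB, so assign it only after the lookup`, would record why the order matters and stop someone moving it back up. The `if ($type == "json")` branch that begins at the end of the hunk continues outside it.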