author | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2013-08-19 08:25:33 +0200 |
committer | Benjamin Kellermann <Benjamin.Kellermann@gmx.de> | 2013-08-19 08:25:33 +0200 |
commit | fe5ff8340292958c247cf7e3f1ad8330c88de33a (patch) | |
tree | 25d6183684d0f63eebb5a702467f03e0f2a64823 | |
parent | 6cd3ca6c265e2d55be6d0906cdae8d178e9e222d (diff) |
Bugfix XSS (thanks to Sipke Mellema)
-rwxr-xr-x | customize.rb | 3 | ||||
-rw-r--r-- | poll.rb | 15 |
2 files changed, 10 insertions, 8 deletions
diff --git a/customize.rb b/customize.rb
index af64fa3..2062365 100755
--- a/customize.rb
+++ b/customize.rb
@@ -69,11 +69,12 @@ $d << "</div>"
 username = $cgi.cookies["username"][0]
+username = CGI.escapeHTML(username) if username
 if $cgi.include?("delete_username")
 $d.html.add_cookie("username","","/",Time.now - 1*60*60*24*365)
 username = nil
 elsif $cgi.include?("username") && $cgi["username"] != ""
- username = $cgi["username"]
+ username = CGI.escapeHTML($cgi["username"])
 $d.html.add_cookie("username",username,"/",Time.now + 1*60*60*24*365)
 end
@@ -178,7 +178,7 @@ class Poll
 end
 def invite_to_html
- edituser = $cgi["edituser"] unless $cgi.include?("deleteuser")
+ edituser = CGI.escapeHTML($cgi["edituser"]) unless $cgi.include?("deleteuser")
 invitestr = _("Invite")
 namestr = _("Name")
 ret = <<HEAD
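Review bot: The customize.rb hunk escapes the username on the way into the cookie and again on the way out, so a name containing `&` is stored as `&amp;` by `username = CGI.escapeHTML($cgi["username"])` and then rendered as `&amp;amp;` on the next request by the new `username = CGI.escapeHTML(username) if username`. Escaping is an output concern, so keep the cookie raw and escape only the value that is rendered: `username = $cgi["username"]`, then `$d.html.add_cookie("username",username,"/",Time.now + 1*60*60*24*365)`, then `username = CGI.escapeHTML(username)`. This also keeps the cookie consistent with poll.rb, which compares the raw cookie value against stored participant names. The `if username` guard is still needed on the read path because a missing cookie yields `nil` there.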
@@ -248,24 +248,25 @@ END
 end
 def deleteuser_to_html
+ edituser = CGI.escapeHTML($cgi["edituser"])
 ret = "<tr id='add_participant'>\n"
- ret += "<td colspan='2' class='name'>#{$cgi["edituser"]}</td>"
+ ret += "<td colspan='2' class='name'>#{edituser}</td>"
 ret += "<td colspan='#{@head.col_size}'>"
- ret += _("Do you really want to delete user %{user}?") % {:user => $cgi["edituser"]}
- ret += "<input type='hidden' name='delete_participant_confirm' value='#{$cgi["edituser"]}' />"
+ ret += _("Do you really want to delete user %{user}?") % {:user => edituser}
+ ret += "<input type='hidden' name='delete_participant_confirm' value='#{edituser}' />"
 ret += "</td>"
- ret += save_input($cgi["edituser"], "", _("Confirm"))
+ ret += save_input(edituser, "", _("Confirm"))
 ret += "</tr>"
 ret
 end
 def edituser_to_html
- edituser = $cgi["edituser"]
+ edituser = CGI.escapeHTML($cgi["edituser"])
 checked = {}
 if @data.include?(edituser)
 @head.columns.each{|k| checked[k] = @data[edituser][k]}
 else
- edituser = $cgi.cookies["username"][0] unless @data.include?($cgi.cookies["username"][0])
+ edituser = CGI.escapeHTML($cgi.cookies["username"][0]) unless @data.include?($cgi.cookies["username"][0])
 @head.columns.each{|k| checked[k] = NOVAL}
 end
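Review bot: In `edituser_to_html` the escaped string is now also the lookup key — `@data.include?(edituser)` runs on `CGI.escapeHTML($cgi["edituser"])`, so a participant whose stored name contains `&`, `<`, `>` or `"` no longer matches and falls into the `else` branch, where the condition tests the raw cookie value but the assignment stores the escaped one. Keep the raw value for lookups and escape only the copy that is rendered, e.g. `edituser = $cgi["edituser"]` followed by `edituser_html = CGI.escapeHTML(edituser)`, interpolating `edituser_html` in the markup; the same raw/escaped split applies in `deleteuser_to_html`, where the escaped value is also handed to `save_input`, which may escape it again (its body is not in this hunk). Separately, `deleteuser_to_html` still interpolates into a single-quoted attribute, `value='#{edituser}'`; older `CGI.escapeHTML` (before Ruby 1.9.3) does not escape `'`, so on such interpreters an apostrophe in the name ends the attribute — prefer `value="#{edituser}"`, since `"` is escaped everywhere. Whether `@data` keys are stored unescaped cannot be confirmed from this hunk.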