properly encode signature code

This addresses the XSS vulnerability mentioned in #3044
Andreas Gohr 2020-04-12 15:40:34 +02:00 committed by Guy Brand
parent 4e34491f07
commit f47f9aaf20
2 changed files with 2 additions and 2 deletions


@ -337,7 +337,7 @@ function tpl_metaheaders($alt = true) {
$script = "var NS='".$INFO['namespace']."';";
if($conf['useacl'] && $INPUT->server->str('REMOTE_USER')) {
$script .= "var SIG='".toolbar_signature()."';";
$script .= "var SIG=".toolbar_signature().";";
}
jsinfo();
$script .= 'var JSINFO = ' . json_encode($JSINFO).';';
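Review bot: The unchanged line `$script = "var NS='".$INFO['namespace']."';";` at the top of this hunk still builds a single-quoted JavaScript literal by raw concatenation, the same pattern this commit removes for SIG. Whether `$INFO['namespace']` can ever carry a quote, a backslash or a closing script tag is not visible here, but encoding it the same way removes the reliance on upstream cleaning: `$script = 'var NS='.json_encode($INFO['namespace']).';';`. The JSINFO line below already goes through json_encode, so all three globals would then be emitted consistently. tpl_metaheaders() starts and ends outside the hunk.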


@ -251,7 +251,7 @@ function toolbar_signature(){
$sig = str_replace('@MAIL@',$INFO['userinfo']['mail'],$sig);
$sig = str_replace('@DATE@',dformat(),$sig);
$sig = str_replace('\\\\n','\\n',addslashes($sig));
return $sig;
return json_encode($sig);
}
//Setup VIM: ex: et ts=4 :
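Review bot: `addslashes($sig)` on the line above the new `return json_encode($sig);` is now a second layer of escaping: a name or mail value containing `'`, `"` or `\` gets a backslash from addslashes, and json_encode then escapes that backslash, so the client would see a stray backslash in the inserted signature. Dropping it, `$sig = str_replace('\\\\n','\\n',$sig);`, leaves json_encode as the only encoder; the `\n` placeholder handling is worth re-testing either way, because json_encode also escapes the backslash of a configured `\n`. The value is presumably written into an inline script, so `json_encode($sig, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` would be the more defensive form. A `false` return (for example on invalid UTF-8 in the user data) would make the caller emit `var SIG=;`, so a fallback to an empty string is worth adding. The start of toolbar_signature() is outside the hunk.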