[aur-dev] [PATCH] pkg_details.php: Fix potential XSS for package names and dep conditions

Wed, 07 Nov 2012 01:09:05 -0800 

From: canyonknight <[email protected]>

Package names and dep conditions can be specially crafted for an XSS
attack. Properly sanitize these variables on the package details page.

In addition, avoid including dep conditions as part of a package link.

Signed-off-by: canyonknight <[email protected]>
Signed-off-by: Lukas Fleischer <[email protected]>
---
 web/template/pkg_details.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index cdf2764..b5d8a9f 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -190,9 +190,9 @@ if ($row["MaintainerUID"]):
                # darr: (DepName, DepCondition, PackageID), where ID is NULL if 
it didn't exist
                if (!is_null($darr[2])):
 ?>
-                               <li><a href="<?= 
htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View 
packages details for').' '.$darr[0].$darr[1]?>"><?= $darr[0].$darr[1]?></a></li>
+                               <li><a href="<?= 
htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View 
packages details for').' '. htmlspecialchars($darr[0]) ?>"><?= 
htmlspecialchars($darr[0]) ?></a><?= htmlspecialchars($darr[1]) ?></li>
                <?php else: ?>
-                               <li><a 
href="https://www.archlinux.org/packages/?q=<?= urlencode($darr[0])?>" 
title="<?= __('View packages details for').' '.$darr[0].$darr[1] ?>"><?= 
$darr[0].$darr[1] ?></a></li>
+                               <li><a 
href="https://www.archlinux.org/packages/?q=<?= urlencode($darr[0])?>" 
title="<?= __('View packages details for').' ' . htmlspecialchars($darr[0]) 
?>"><?= htmlspecialchars($darr[0]) ?></a><?= htmlspecialchars($darr[1]) ?></li>
                <?php endif; ?>
        <?php endwhile; ?>
                        </ul>
@@ -206,7 +206,7 @@ if ($row["MaintainerUID"]):
        # darr: (PackageName, PackageID)
        while (list($k, $darr) = each($requiredby)):
 ?>
-                               <li><a href="<?= 
htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View 
packages details for').' '.$darr[0]?>"><?= $darr[0] ?></a></li>
+                               <li><a href="<?= 
htmlspecialchars(get_pkg_uri($darr[0]), ENT_QUOTES); ?>" title="<?= __('View 
packages details for').' ' . htmlspecialchars($darr[0]) ?>"><?= 
htmlspecialchars($darr[0]) ?></a></li>
        <?php endwhile; ?>
                        </ul>
 <?php endif; ?>
-- 
1.8.0

Reply via email to