[geeklog-cvs] geeklog: Try to avoid an XSS in the anonymous user name without ...

geeklog-cvs at lists.geeklog.net geeklog-cvs at lists.geeklog.net
Fri Apr 10 13:02:43 EDT 2009


details:   http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/14f8191e6437
changeset: 6903:14f8191e6437
user:      Dirk Haun <dirk at haun-online.de>
date:      Fri Apr 10 18:58:37 2009 +0200
description:
Try to avoid an XSS in the anonymous user name without offending half of Ireland at the same time. Needs a review ...

diffstat:

1 file changed, 13 insertions(+), 12 deletions(-)
system/lib-comment.php |   25 +++++++++++++------------

diffs (57 lines):

diff -r aa75e418b922 -r 14f8191e6437 system/lib-comment.php
--- a/system/lib-comment.php	Fri Apr 10 18:20:12 2009 +0200
+++ b/system/lib-comment.php	Fri Apr 10 18:58:37 2009 +0200
@@ -2,7 +2,7 @@
 
 /* Reminder: always indent with 4 spaces (no tabs). */
 // +---------------------------------------------------------------------------+
-// | Geeklog 1.5                                                               |
+// | Geeklog 1.6                                                               |
 // +---------------------------------------------------------------------------+
 // | lib-comment.php                                                           |
 // |                                                                           |
@@ -302,11 +302,11 @@
         }
 
         // comment variables
-        $template->set_var( 'indent', $indent );
-        $template->set_var( 'author_name', $A['username'] );
-        $template->set_var( 'author_id', $A['uid'] );
-        $template->set_var( 'cid', $A['cid'] );
-        $template->set_var( 'cssid', $row % 2 );
+        $template->set_var('indent', $indent);
+        $template->set_var('author_name', strip_tags($A['username']));
+        $template->set_var('author_id', $A['uid']);
+        $template->set_var('cid', $A['cid']);
+        $template->set_var('cssid', $row % 2);
 
         if( $A['uid'] > 1 ) {
             $fullname = COM_getDisplayName( $A['uid'], $A['username'],
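Review bot: strip_tags() on the `author_name` line removes `<…>` sequences but leaves `"`, `'` and `&` intact, so the value is only safe if the template places it as plain text between tags; in an attribute or script context it is still injectable, and strip_tags is also lossy for legitimate names. The defender-standard control is escaping at output, `$template->set_var('author_name', htmlspecialchars($A['username'], ENT_QUOTES));` (with the site's charset as the third argument) — ENT_QUOTES turns the apostrophe in a name like O'Brien into an entity the browser renders normally, which addresses the concern in the commit message without dropping characters. Nothing in the hunk shows the template layer escaping on its own, so this cannot be assumed. The same applies to the `strip_tags($A['name'])` assignment in the @@ -351 hunk, where `author` and `author_fullname` are set. The enclosing function starts and ends outside this hunk, and the `COM_getDisplayName` path on the following lines is not visible.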
@@ -351,7 +351,7 @@
         } else {
             //comment is from anonymous user
             if (isset($A['name'])) {
-                $A['username'] = $A['name'];
+                $A['username'] = strip_tags($A['name']);
             }
             $template->set_var( 'author', $A['username'] );
             $template->set_var( 'author_fullname', $A['username'] );
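Review bot: The filter in the anonymous branch runs only when `$A['name']` is set; on the path without a name, `$A['username']` reaches the `author` and `author_fullname` set_var calls untouched. If that fallback is always the fixed anonymous account name from the database it is harmless, but nothing in the hunk establishes that, and the `author_name` variable in the @@ -302 hunk is filtered unconditionally, so the two paths are inconsistent. Apply the filter to the value actually emitted rather than to the optional override: `$author = isset($A['name']) ? $A['name'] : $A['username'];` followed by `$author = htmlspecialchars($author, ENT_QUOTES);` and setting both template variables from `$author`. The enclosing function begins and ends outside this hunk.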
@@ -1060,12 +1060,13 @@
     }
 
     $comment = addslashes(CMT_prepareText($comment, $postmode));
-    $title = addslashes(COM_checkWords (strip_tags ($title)));
-    if (isset($_POST['username']) && strcmp($_POST['username'],$LANG03[24]) != 0 
-         && $uid == 1 ) {
-        $name = COM_checkWords(strip_tags(addslashes($_POST['username'])));
+    $title = addslashes(COM_checkWords(strip_tags($title)));
+    if (isset($_POST['username']) && strcmp($_POST['username'],$LANG03[24]) != 0
+            && $uid == 1) {
+        $name = COM_checkWords(strip_tags(COM_stripslashes($_POST['username'])));
         setcookie('anon-name', $name);
-    } 
+        $name = addslashes($name);
+    }
 
     // check for non-int pid's
     // this should just create a top level comment that is a reply to the original item
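Review bot: `setcookie('anon-name', $name);` stores the visitor-chosen name after strip_tags only, and strip_tags does not neutralise quotes; if the cookie is later echoed into a form field's `value="…"` (presumably its purpose, not visible here) that output still needs htmlspecialchars with ENT_QUOTES, because filtering on input does not cover attribute contexts. The cookie also carries no HttpOnly flag; since nothing in the hunk suggests client-side script reads it, `setcookie('anon-name', $name, 0, '', '', false, true);` is a cheap hardening if the project's PHP baseline is 5.2 or later. Separately, `isset($_POST['username'])` is also true for an array value, which makes `strcmp()` emit a warning and return null; adding `is_string($_POST['username'])` to the condition would guard that. The surrounding function starts and ends outside this hunk.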


