[aur-dev] [PATCH 1/2] Fix some more XSS vulnerabilities

Lukas Fleischer archlinux at cryptocrack.de
Sat Feb 18 23:09:25 EST 2012


Escape strings properly using htmlspecialchars(). Seems like we missed
these in former cleanups. Fixes FS#28515.

Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
---
Based on maint. This is applied to our production environment on sigurd.

 web/template/header.php              |    2 +-
 web/template/pkg_details.php         |    2 +-
 web/template/stats/updates_table.php |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/web/template/header.php b/web/template/header.php
index 8313bb3..578fcb9 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -4,7 +4,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml"
 	xml:lang="<?php print "$LANG\" lang=\"$LANG"; ?>">
   <head>
-    <title>AUR (<?php print $LANG; ?>)<?php if ($title != "") { print " - " . $title; } ?></title>
+    <title>AUR (<?php print htmlspecialchars($LANG); ?>)<?php if ($title != "") { print " - " . htmlspecialchars($title); } ?></title>
 	<link rel='stylesheet' type='text/css' href='css/fonts.css' />
 	<link rel='stylesheet' type='text/css' href='css/containers.css' />
 	<link rel='stylesheet' type='text/css' href='css/arch.css' />
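Review bot: `$LANG` is now escaped in the `<title>` text but the context line just above still prints the same variable raw into the `xml:lang`/`lang` attribute (`xml:lang="<?php print "$LANG\" lang=\"$LANG"; ?>"`), so if `$LANG` can carry attacker-influenced content the attribute context is the more dangerous of the two and remains unescaped; it should become `xml:lang="<?php print htmlspecialchars($LANG, ENT_QUOTES, 'UTF-8'); ?>" lang="<?php print htmlspecialchars($LANG, ENT_QUOTES, 'UTF-8'); ?>"`. The new `htmlspecialchars()` calls here and in the `pkg_details.php` and `updates_table.php` hunks all rely on the default flags and charset; the default quote handling and charset have changed between PHP releases, so passing `ENT_QUOTES, 'UTF-8'` explicitly (as the existing `href` line in `pkg_details.php` already does) makes the escaping independent of the interpreter version.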
diff --git a/web/template/pkg_details.php b/web/template/pkg_details.php
index 880a675..046f836 100644
--- a/web/template/pkg_details.php
+++ b/web/template/pkg_details.php
@@ -69,7 +69,7 @@ $out_of_date_time = ($row["OutOfDateTS"] == 0) ? $msg : gmdate("r", intval($row[
 
 	<p>
 	<span class='f2'><?php echo htmlspecialchars($row['Name']) . ' ' . htmlspecialchars($row['Version']) ?></span><br />
-	<span class='f3'><a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . $row['URL'] ?></a></span><br />
+	<span class='f3'><a href="<?php echo htmlspecialchars($row['URL'], ENT_QUOTES) . '">' . htmlspecialchars($row['URL']) ?></a></span><br />
 	<span class='f3'><?php echo htmlspecialchars($row['Description'], ENT_QUOTES); ?></span>
 	</p>
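Review bot: Escaping the link text closes the text-context gap, but the `href` on the same line is built from `$row['URL']` with only `htmlspecialchars()`, which prevents attribute breakout and nothing else — a stored value with a non-http(s) scheme is still emitted as a clickable link. If `URL` is user-submitted (it appears to come from package metadata, which I cannot confirm from this hunk), the output should be gated on an allow-listed scheme before it reaches the attribute, e.g. `$url = preg_match('#^https?://#i', $row['URL']) ? $row['URL'] : '';` and then `htmlspecialchars($url, ENT_QUOTES, 'UTF-8')` in the `href`. The text part of the link also uses default flags while the attribute part passes `ENT_QUOTES`; using the same flags and an explicit `'UTF-8'` charset in both calls keeps the line consistent.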
 
diff --git a/web/template/stats/updates_table.php b/web/template/stats/updates_table.php
index a8cdf5a..8da6732 100644
--- a/web/template/stats/updates_table.php
+++ b/web/template/stats/updates_table.php
@@ -11,7 +11,7 @@
 <td class="boxSoft">
 <span class="f4"><span class="blue">
 <a href="packages.php?ID=<?php print intval($row["ID"]); ?>">
-<?php print $row["Name"] . ' ' . $row["Version"]; ?>
+<?php print htmlspecialchars($row["Name"]) . ' ' . htmlspecialchars($row["Version"]); ?>
 </a></span></span>
 </td>
 <td class="boxSoft">
-- 
1.7.9.1


