From b48a50862c7732bf0567daf5fd3fafae234133c0 Mon Sep 17 00:00:00 2001
From: michu2k
Date: Sat, 31 Jul 2021 17:01:24 +0200
Subject: [PATCH] modules/snippets: Fixed code injection vulnerability

---
 inc/modules/navigation/Info.php | 6 +++---
 inc/modules/snippets/Admin.php | 29 +++++++++++++++--------------
 inc/modules/snippets/Info.php | 17 ++++++++--------
 3 files changed, 26 insertions(+), 26 deletions(-)

diff --git a/inc/modules/navigation/Info.php b/inc/modules/navigation/Info.php
index d9e9384..80fe1f7 100644
--- a/inc/modules/navigation/Info.php
+++ b/inc/modules/navigation/Info.php
@@ -13,10 +13,10 @@ return [
 'name' => $core->lang['navigation']['module_name'],
 'description' => $core->lang['navigation']['module_desc'],
 'author' => 'Sruu.pl',
- 'version' => '1.2',
+ 'version' => '1.3',
 'compatibility' => '1.3.*',
 'icon' => 'list-ul',
- 'install' => function () use ($core) {
+ 'install' => function () use ($core) {
 $core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `navs` (
 `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT,
 `name` text NOT NULL
@@ -46,7 +46,7 @@ return [
 $core->db()->pdo()->exec("INSERT INTO `navs_items` (`name`, `page`, `lang`, `nav`, `order`) VALUES ('Kontakt', 4, 'pl_polski', 1, 3)");
 },
 
- 'uninstall' => function () use ($core) {
+ 'uninstall' => function () use ($core) {
 $core->db()->pdo()->exec("DROP TABLE `navs`");
 $core->db()->pdo()->exec("DROP TABLE `navs_items`");
 }
diff --git a/inc/modules/snippets/Admin.php b/inc/modules/snippets/Admin.php
index db3666f..68cbcdf 100644
--- a/inc/modules/snippets/Admin.php
+++ b/inc/modules/snippets/Admin.php
@@ -18,8 +18,8 @@ class Admin extends AdminModule
 public function navigation()
 {
 return [
- $this->lang('manage', 'general') => 'manage',
- $this->lang('add') => 'add',
+ $this->lang('manage', 'general') => 'manage',
+ $this->lang('add') => 'add',
 ];
 }
 
@@ -61,7 +61,6 @@ class Admin extends AdminModule if ($id === null) { $row = ['name' => isset_or($assign['name'], null), 'content' => isset_or($assign['content'], null)]; - $assign['title'] = $this->lang('add'); } elseif (!empty($row = $this->db('snippets')->oneArray($id))) { $assign['title'] = $this->lang('edit'); @@ -74,6 +73,7 @@ class Admin extends AdminModule $assign['content'] = []; preg_match_all("/{lang: ([a-z]{2}_[a-z]+)}(.*?){\/lang}/ms", $row['content'], $matches); + foreach ($matches[1] as $key => $value) { $assign['content'][trim($value)] = $this->tpl->noParse(trim($matches[2][$key])); } @@ -103,8 +103,9 @@ class Admin extends AdminModule public function postSave($id = null) { unset($_POST['save']); + $formData = htmlspecialchars_array($_POST); - if (checkEmptyFields(['name'], $_POST)) { + if (checkEmptyFields(['name'], $formData)) { $this->notify('failure', $this->lang('empty_inputs', 'general')); if (!$id) { @@ -114,20 +115,20 @@ class Admin extends AdminModule } } - $_POST['name'] = trim($_POST['name']); - $_POST['slug'] = createSlug($_POST['name']); + $formData['name'] = trim($formData['name']); + $formData['slug'] = createSlug($formData['name']); $tmp = null; - foreach ($_POST['content'] as $lang => $content) { + foreach ($formData['content'] as $lang => $content) { $tmp .= "{lang: $lang}".$content."{/lang}"; } - $_POST['content'] = $tmp; + $formData['content'] = $tmp; if ($id === null) { // new $location = url([ADMIN, 'snippets', 'add']); - if (!$this->db('snippets')->where('slug', $_POST['slug'])->count()) { - if ($this->db('snippets')->save($_POST)) { + if (!$this->db('snippets')->where('slug', $formData['slug'])->count()) { + if ($this->db('snippets')->save($formData)) { $location = url([ADMIN, 'snippets', 'edit', $this->db()->lastInsertId()]); $this->notify('success', $this->lang('save_success')); } else { 
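Review bot: `$formData = htmlspecialchars_array($_POST);` in the `@@ -103` hunk entity-encodes every submitted field before it is validated, sluggified and stored, so the persisted `name`, `slug` and `content` hold HTML entities instead of the user's text, and `createSlug()` now runs on an already-encoded name; escaping for HTML belongs where the value is rendered, and the `redirect($location, $formData)` in hunk `@@ -146` sends the encoded values back into the form, which a template that escapes on output will double-encode. `htmlspecialchars` also only rewrites `& < > " '`; if the snippet renderer interprets brace-delimited template directives (the `noParse()` call in hunk `@@ -74` suggests the template engine parses such content), those characters pass through this filter unchanged, so the fix should be confirmed against that rendering path and not only against HTML injection. Presumably `htmlspecialchars_array` is the project's recursive wrapper over values and leaves array keys alone — verify, since the keys are used below. A short comment on the new line stating what the encoding is meant to stop, e.g. `// Encode all submitted fields; snippet content is stored encoded and must not be decoded before rendering`, would keep the next maintainer from "fixing" it. postSave continues past the end of the `@@ -114` hunk.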
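Review bot: In `foreach ($formData['content'] as $lang => $content)` (hunk `@@ -114`) the array key `$lang` comes straight from the request and is interpolated into the stored `{lang: $lang}` marker, while the reader in hunk `@@ -74` only accepts keys matching `[a-z]{2}_[a-z]+`; a key outside that format is persisted but never read back, and an encoding wrapper that operates on values would not normalise it. Validate the key before building the marker, e.g. `if (!preg_match('/^[a-z]{2}_[a-z]+$/', $lang)) { continue; }` at the top of the loop, or reject the request with a failure notice. A request that omits the `content` array also makes the `foreach` warn on null and leaves `$formData['content']` null for a column declared `NOT NULL` in the snippets `Info.php` install hunk; guarding with `foreach ((array) ($formData['content'] ?? []) as $lang => $content)` avoids the warning. The body of postSave runs past the end of this hunk.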
@@ -137,8 +138,8 @@ class Admin extends AdminModule
 $this->notify('failure', $this->lang('already_exists'));
 }
 } else { // edit
- if (!$this->db('snippets')->where('slug', $_POST['slug'])->where('id', '<>', $id)->count()) {
- if ($this->db('snippets')->where($id)->save($_POST)) {
+ if (!$this->db('snippets')->where('slug', $formData['slug'])->where('id', '<>', $id)->count()) {
+ if ($this->db('snippets')->where($id)->save($formData)) {
 $this->notify('success', $this->lang('save_success'));
 } else {
 $this->notify('failure', $this->lang('save_failure'));
@@ -146,11 +147,11 @@ class Admin extends AdminModule
 } else {
 $this->notify('failure', $this->lang('already_exists'));
 }
- 
+ 
 $location = url([ADMIN, 'snippets', 'edit', $id]);
 }
 
- redirect($location, $_POST);
+ redirect($location, $formData);
 }
 
 /**
diff --git a/inc/modules/snippets/Info.php b/inc/modules/snippets/Info.php
index 430a4c0..5bc7f85 100644
--- a/inc/modules/snippets/Info.php
+++ b/inc/modules/snippets/Info.php
@@ -10,14 +10,13 @@
 */
 
 return [
- 'name' => $core->lang['snippets']['module_name'],
- 'description' => $core->lang['snippets']['module_desc'],
- 'author' => 'Sruu.pl',
- 'version' => '1.1',
- 'compatibility' => '1.3.*',
- 'icon' => 'puzzle-piece',
-
- 'install' => function () use ($core) {
+ 'name' => $core->lang['snippets']['module_name'],
+ 'description' => $core->lang['snippets']['module_desc'],
+ 'author' => 'Sruu.pl',
+ 'version' => '1.2',
+ 'compatibility' => '1.3.*',
+ 'icon' => 'puzzle-piece',
+ 'install' => function () use ($core) {
 $core->db()->pdo()->exec("CREATE TABLE IF NOT EXISTS `snippets` (
 `id` integer NOT NULL PRIMARY KEY AUTOINCREMENT,
 `name` text NOT NULL,
@@ -25,7 +24,7 @@ return [
 `content` text NOT NULL
 )");
 },
- 'uninstall' => function () use ($core) {
+ 'uninstall' => function () use ($core) {
 $core->db()->pdo()->exec("DROP TABLE `snippets`");
 }
 ];