From 3f2a4dd6d4b65eef7608dec6196a67e41ba96773 Mon Sep 17 00:00:00 2001
From: Michael Herger <mherger@logitech.com>
Date: Wed, 15 Nov 2017 06:19:32 +0100
Subject: [PATCH] Encode HTML entities to prevent some XSS exploits.

CVE-2017-16567
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16567
https://www.exploit-db.com/exploits/43122/

CVE-2017-16568
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16568
https://www.exploit-db.com/exploits/43123/

CVE-2017-15687
https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15687
https://www.exploit-db.com/exploits/43024/
---
 HTML/Default/home.html                                 |  2 +-
 .../Favorites/HTML/EN/plugins/Favorites/index.html     | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/HTML/Default/home.html b/HTML/Default/home.html
index ebea5f047a6..41ace67b376 100644
--- a/HTML/Default/home.html
+++ b/HTML/Default/home.html
@@ -144,7 +144,7 @@
 						</span>
 						<div class="smallBrowseItemDetail">
 					[% END %]
-					[% IF dontGetString; link.key; ELSE; string; END %]
+					[% IF dontGetString; link.key | html; ELSE; string | html; END %]
 					[% IF link.icon && !noIcon %]
 						</div>
 					[% END %]
diff --git a/Slim/Plugin/Favorites/HTML/EN/plugins/Favorites/index.html b/Slim/Plugin/Favorites/HTML/EN/plugins/Favorites/index.html
index 464a845dd69..300c8083110 100644
--- a/Slim/Plugin/Favorites/HTML/EN/plugins/Favorites/index.html
+++ b/Slim/Plugin/Favorites/HTML/EN/plugins/Favorites/index.html
@@ -11,7 +11,7 @@
 				<input type="hidden" name="sess" value="[% sess %]">
 				<input type="hidden" name="action" value="editset">
 				<input type="hidden" name="removeoncancel" value="[% removeoncancel %]">
-				<input id="edit_title_[% entry.index %]" style="width: 71%;" type="text" class="stdedit" name="entrytitle" value="[% entry.title %]" [% IF newlevel %] onClick="this.value=''"[% END %]>
+				<input id="edit_title_[% entry.index %]" style="width: 71%;" type="text" class="stdedit" name="entrytitle" value="[% entry.title | html %]" [% IF newlevel %] onClick="this.value=''"[% END %]>
 				[% IF useAJAX %]
 					<input type="button" class="stdclick" style="display: inline; width: 10%;" value=[% "SAVE" | string %] onclick="editSave('[% entry.index %]', '[% sess %]'); return false;" />
 					<input type="button" class="stdclick" style="display: inline; width: 10%;" value=[% "PLUGIN_FAVORITES_CANCEL" | string %] onclick="editCancel('[% entry.index %]', '[% sess %]'[% IF removeoncancel %],[% removeoncancel %][% END %]); return false;" />
@@ -29,7 +29,7 @@
 						<input type="hidden" name="sess" value="[% sess %]">
 						<input type="hidden" name="action" value="editset">
 						<input type="hidden" name="removeoncancel" value="[% removeoncancel %]">
-						<input id="edit_title_[% entry.index %]" size="25" type="text" class="stdedit" name="entrytitle" value="[% entry.title %]" [% IF newentry %] onClick="this.value=''"[% END %]>
+						<input id="edit_title_[% entry.index %]" size="25" type="text" class="stdedit" name="entrytitle" value="[% entry.title | html %]" [% IF newentry %] onClick="this.value=''"[% END %]>
 					</td>
 					<td width="35%">
 						<input id="edit_url_[% entry.index %]" size="25" type="text" class="stdedit" name="entryurl" value="[% entry.url %]" [% IF newentry %] onClick="this.value=''"[% END %]>
@@ -55,7 +55,7 @@ <h4><form id="title" name="title" method="get" action="[% webroot %]plugins/Favo
 	[% "TITLE" | string %]
 	<input type="hidden" name="sess" value="[% sess %]">
 	<input type="hidden" name="index" value="[% levelindex %]">
-	<input id="newtitle" type="text" class="stdedit" name="title" style="width: 70%;" value="[% title %]" [% IF newentry %] onClick="this.value=''"[% END %] >
+	<input id="newtitle" type="text" class="stdedit" name="title" style="width: 70%;" value="[% title | html %]" [% IF newentry %] onClick="this.value=''"[% END %] >
 	<input type="submit" class="stdclick" value="[% 'SAVE' | string %]">
 	[% IF useAJAX %]
 		<input type="button" class="stdclick" style="display: inline; width: 10%;" value="[% 'PLUGIN_FAVORITES_CANCEL' | string %]" onclick="cancelTitle([% entry.index %]); return false;" />
@@ -122,7 +122,7 @@ <h4><form id="title" name="title" method="get" action="[% webroot %]plugins/Favo
 [% BLOCK entryblock -%]
 	[%- WRAPPER contentitem leftcontrols = 'playcontrols' rightcontrols = 'editcontrols' itemobj.id = entry.index %]
 		<a id="dragitemhref_[% entry.index %]" href="[% webroot %]plugins/Favorites/index.html?index=[% entry.index %]&amp;player=[% playerURI %]&amp;sess=[% sess %]" class="browseItemLink">
-			<span id="dragitemtitle_[% entry.index %]" class = "favoritesText">[% entry.title %]</span>
+			<span id="dragitemtitle_[% entry.index %]" class = "favoritesText">[% entry.title | html %]</span>
 		</a>
 	[% END -%]
 [% END %]
@@ -214,7 +214,7 @@ <h4><form id="title" name="title" method="get" action="[% webroot %]plugins/Favo
 		     href="javascript:void(0);" onClick="ajaxUpdate('index.html', 'insert&amp;index=[% levelindex %]&amp;sess=[% sess %]'[% IF initCall; ', ' _ initCall; END %]);" class="browseItemLink"
 		   [%- ELSE %]
 		     href="[% webroot %]plugins/Favorites/index.html?insert&amp;index=[% levelindex %]&amp;sess=[% sess %]"
-		   [%- END %]><b><I>[% "PLUGIN_FAVORITES_PASTE" | string %]</b> [ [% deleted %] ]</I></a>
+		   [%- END %]><b><I>[% "PLUGIN_FAVORITES_PASTE" | string %]</b> [ [% deleted | html %] ]</I></a>
 		
 	[% END %]
 	[% IF useAJAX %]</span>[% END %]