Fix an XSS vulnerability in the system log (see CVE-2018-10125).

contao · Apr 18, 2018 · 89378e8 · 89378e8
1 parent 04af3d1
commit 89378e8
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 2 deletions.
diff --git a/system/docs/CHANGELOG.md b/system/docs/CHANGELOG.md
@@ -1,6 +1,13 @@
 Contao Open Source CMS changelog
 ================================
 
+Version 3.5.35 (2018-04-18)
+---------------------------
+
+### Fixed
+Fix an XSS vulnerability in the system log (see CVE-2018-10125).
+
+
 Version 3.5.34 (2018-03-06)
 ---------------------------
 

diff --git a/system/modules/core/drivers/DC_Table.php b/system/modules/core/drivers/DC_Table.php
@@ -562,7 +562,7 @@ public function show()
 			$return .= '
   <tr>
     <td'.$class.'><span class="tl_label">'.$label.': </span></td>
-    <td'.$class.'>'.$row[$i].'</td>
+    <td'.$class.'>'.specialchars($row[$i]).'</td>
   </tr>';
 		}
 

diff --git a/system/modules/core/library/Contao/System.php b/system/modules/core/library/Contao/System.php
@@ -186,7 +186,7 @@ public static function log($strText, $strFunction, $strCategory)
 		}
 
 		\Database::getInstance()->prepare("INSERT INTO tl_log (tstamp, source, action, username, text, func, ip, browser) VALUES(?, ?, ?, ?, ?, ?, ?, ?)")
-							   ->execute(time(), (TL_MODE == 'FE' ? 'FE' : 'BE'), $strCategory, ($GLOBALS['TL_USERNAME'] ? $GLOBALS['TL_USERNAME'] : ''), specialchars($strText), $strFunction, $strIp, $strUa);
+							   ->execute(time(), (TL_MODE == 'FE' ? 'FE' : 'BE'), $strCategory, ($GLOBALS['TL_USERNAME'] ? $GLOBALS['TL_USERNAME'] : ''), specialchars($strText), $strFunction, $strIp, specialchars($strUa));
 
 		// HOOK: allow to add custom loggers
 		if (isset($GLOBALS['TL_HOOKS']['addLogEntry']) && is_array($GLOBALS['TL_HOOKS']['addLogEntry']))