Fix various XSS related issues
iliajie committed Aug 3, 2023
1 parent 788efc4 commit 76cf41e
Showing 9 changed files with 23 additions and 24 deletions.
4 changes: 2 additions & 2 deletions forward/edit_afile.cgi
Expand Up @@ -11,7 +11,7 @@ open(FILE, $in{'file'});
@lines = <FILE>;
close(FILE);

print "<b>",&text('afile_desc', "<tt>$in{'vfile'}</tt>"),"</b><p>\n";
print "<b>",&text('afile_desc', "<tt>@{[&html_escape($in{'vfile'})]}</tt>"),"</b><p>\n";

print "<form action=save_afile.cgi method=post enctype=multipart/form-data>\n";
print &ui_hidden("file", $in{'file'}),"\n";
Expand All @@ -23,6 +23,6 @@ print "<input type=submit value=\"$text{'save'}\"> ",
"<input type=reset value=\"$text{'afile_undo'}\">\n";
print "</form>\n";

&ui_print_footer("edit_alias.cgi?num=$in{'num'}&file=$in{'file'}",
&ui_print_footer("edit_alias.cgi?num=$in{'num'}&file=@{[&urlize($in{'file'})]}",
$text{'aform_return'});

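Review bot: The new `&ui_print_footer` line URL-encodes `$in{'file'}` but still interpolates `$in{'num'}` raw into the same query string, so the two request parameters are handled inconsistently; unless `num` is validated as an integer earlier in the script, it should get the same treatment: `&ui_print_footer("edit_alias.cgi?num=@{[&urlize($in{'num'})]}&file=@{[&urlize($in{'file'})]}",`. The same pattern repeats in edit_ffile.cgi, edit_rfile.cgi, edit_vfile.cgi (where `$in{'idx'}` is also interpolated raw) and in the `&redirect` calls of save_afile.cgi, save_ffile.cgi, save_rfile.cgi and save_vfile.cgi. The hunk header also shows a two-argument `open(FILE, $in{'file'})` on a request parameter; that predates this commit, but a three-argument `open(FILE, '<', $in{'file'})` would stop mode characters in the value from being interpreted. The script's earlier lines, where `file` may already be validated, are outside the hunk.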
4 changes: 2 additions & 2 deletions forward/edit_ffile.cgi
Expand Up @@ -19,7 +19,7 @@ while(<FILE>) {
}
close(FILE);

print "<b>",&text('ffile_desc', "<tt>$in{'vfile'}</tt>"),"</b><p>\n";
print "<b>",&text('ffile_desc', "<tt>@{[&html_escape($in{'vfile'})]}</tt>"),"</b><p>\n";

print "<form action=save_ffile.cgi method=post enctype=multipart/form-data>\n";
print &ui_hidden("file", $in{'file'}),"\n";
Expand Down Expand Up @@ -56,6 +56,6 @@ print &text('ffile_other',
print "<input type=submit value=\"$text{'save'}\">\n";
print "</form>\n";

&ui_print_footer("edit_alias.cgi?num=$in{'num'}&file=$in{'file'}",
&ui_print_footer("edit_alias.cgi?num=$in{'num'}&file=@{[&urlize($in{'file'})]}",
$text{'aform_return'});

4 changes: 2 additions & 2 deletions forward/edit_rfile.cgi
Expand Up @@ -31,7 +31,7 @@ if (!-r $in{'vfile'}) {
$from = $froms->[0];
}

print &text('rfile_desc', "<tt>$in{'vfile'}</tt>"),"<p>\n";
print &text('rfile_desc', "<tt>@{[&html_escape($in{'vfile'})]}</tt>"),"<p>\n";
print "$text{'rfile_desc2'}<p>\n";

print "<form action=save_rfile.cgi method=post enctype=multipart/form-data>\n";
Expand Down Expand Up @@ -78,6 +78,6 @@ print "<input type=submit value=\"$text{'save'}\"> ",
"<input type=reset value=\"$text{'rfile_undo'}\">\n";
print "</form>\n";

&ui_print_footer("edit_alias.cgi?num=$in{'num'}&file=$in{'file'}",
&ui_print_footer("edit_alias.cgi?num=$in{'num'}&file=@{[&urlize($in{'file'})]}",
$text{'aform_return'});

6 changes: 3 additions & 3 deletions forward/edit_vfile.cgi
Expand Up @@ -26,7 +26,7 @@ if (!-r $in{'vfile'}) {
$from = $froms->[0];
}

print &text('vfile_desc', "<tt>$in{'vfile'}</tt>"),"<p>\n";
print &text('vfile_desc', "<tt>@{[&html_escape($in{'vfile'})]}</tt>"),"<p>\n";

print "<form action=save_vfile.cgi method=post enctype=multipart/form-data>\n";
print &ui_hidden("file", $in{'file'}),"\n";
Expand Down Expand Up @@ -59,7 +59,7 @@ print "<input type=submit value=\"$text{'save'}\"> ",
print "</form>\n";

&ui_print_footer(defined($in{'idx'}) ?
( "edit_vacation.cgi?num=$in{'num'}&file=$in{'file'}&idx=$in{'idx'}", $text{'vacation_return'} ) : ( ),
"edit_alias.cgi?num=$in{'num'}&file=$in{'file'}",
( "edit_vacation.cgi?num=$in{'num'}&file=@{[&urlize($in{'file'})]}&idx=$in{'idx'}", $text{'vacation_return'} ) : ( ),
"edit_alias.cgi?num=$in{'num'}&file=@{[&urlize($in{'file'})]}",
$text{'aform_return'});

21 changes: 10 additions & 11 deletions forward/index.cgi
Expand Up @@ -19,7 +19,7 @@ if ($simple) {
print "<span data-unckecked>" . $text{'index_simple'.$s},"</span>\n";
}
else {
print "<a href='index.cgi?simple=$s'>",$text{'index_simple'.$s},"</a>\n";
print &ui_link("index.cgi?simple=$s", $text{'index_simple'.$s});
}
print "&nbsp;|&nbsp;\n" if ($s != 0);
}
Expand Down Expand Up @@ -149,10 +149,9 @@ else {
}

if (!$in{'simple'} || !$simple) {
@links = ( "<a href='edit_alias.cgi?new=1'>$text{'index_add'}</a>" );
@links = ( &ui_link('edit_alias.cgi?new=1', $text{'index_add'}) );
if ($config{'mail_system'} == 0 && $config{'edit'}) {
push(@links, "<a href='edit_forward.cgi'>".
&text('index_edit', "<tt>.forward</tt>")."</a>");
push(@links, &ui_link('edit_forward.cgi', &text('index_edit', "<tt>.forward</tt>")));
}
print &ui_links_row(\@links);
}
Expand All @@ -165,13 +164,12 @@ print &ui_columns_start([ $text{'aliases_to'},
$text{'aliases_enabled'} ], 100, 2);
foreach my $a (@_) {
my @cols;
my $e = "<a href=\"edit_alias.cgi?num=$a->{'num'}\">";
my $e = "";
foreach $v (@{$a->{'values'}}) {
($anum, $astr) = &alias_type($v);
$e .= &text("aliases_type$anum", "<tt>$astr</tt>")."<br>\n";
$e .= &text("aliases_type$anum", "<tt>@{[&html_escape($astr)]}</tt>")."<br>\n";
}
$e .= "</a>";
push(@cols, $e);
push(@cols, &ui_link("edit_alias.cgi?num=$a->{'num'}", $e));
push(@cols, $a->{'enabled'} ? $text{'yes'} :
"<font color=#ff0000>$text{'no'}</font>");
print &ui_columns_row(\@cols);
Expand All @@ -185,9 +183,10 @@ print "<table border width=100%>\n";
print "<tr $tb> <td><b>$text{'aliases_from'}</b></td> <td><b>$text{'aliases_to'}</b></td> </tr>\n";
foreach $a (@_) {
print "<tr $cb>\n";
print "<td><a href=\"edit_alias.cgi?file=$a->{'file'}\">",
$a->{'name'} ? "$remote_user-$a->{'name'}" : $remote_user,
"</td> <td>\n";
my $lnk = &ui_link("edit_alias.cgi?file=$a->{'file'}",
&html_escape($a->{'name'} ? "$remote_user-$a->{'name'}" : $remote_user));
print "<td>$lnk</td>\n";
print "<td>\n";
foreach $v (@{$a->{'values'}}) {
($anum, $astr) = &alias_type($v);
print &text("aliases_type$anum", "<tt>$astr</tt>"),"<br>\n";
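Review bot: The second alias table still prints `$astr` unescaped on the last context line of the final hunk, `print &text("aliases_type$anum", "<tt>$astr</tt>"),"<br>\n";`, even though the parallel line in the first table was changed to wrap it in `&html_escape`; both loops take `$astr` from the same `&alias_type($v)`, so this one should become `print &text("aliases_type$anum", "<tt>@{[&html_escape($astr)]}</tt>"),"<br>\n";`. In the same hunk the new `&ui_link("edit_alias.cgi?file=$a->{'file'}", ...)` interpolates the file path into the URL without `&urlize`, unlike the `&file=` parameters in the other files of this commit. The enclosing `foreach $a (@_)` loop continues past the end of the hunk.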
2 changes: 1 addition & 1 deletion forward/save_afile.cgi
Expand Up @@ -11,5 +11,5 @@ $in{'text'} =~ s/\n*$/\n/;
&print_tempfile(FILE, $in{'text'});
&close_tempfile(FILE);

&redirect("edit_alias.cgi?num=$in{'num'}&file=$in{'file'}");
&redirect("edit_alias.cgi?num=$in{'num'}&file=@{[&urlize($in{'file'})]}");

2 changes: 1 addition & 1 deletion forward/save_ffile.cgi
Expand Up @@ -18,5 +18,5 @@ push(@filter, "2 ".$in{'other'}."\n") if ($in{'other'});
&open_tempfile(FILE, ">$in{'vfile'}", 1) || &error(&text('ffile_ewrite', $!));
&print_tempfile(FILE, @filter);
&close_tempfile(FILE);
&redirect("edit_alias.cgi?num=$in{'num'}&file=$in{'file'}");
&redirect("edit_alias.cgi?num=$in{'num'}&file=@{[&urlize($in{'file'})]}");

2 changes: 1 addition & 1 deletion forward/save_rfile.cgi
Expand Up @@ -30,4 +30,4 @@ if (!$in{'from_def'}) {
}
&print_tempfile(FILE, $in{'text'});
&close_tempfile(FILE);
&redirect("edit_alias.cgi?num=$in{'num'}&file=$in{'file'}");
&redirect("edit_alias.cgi?num=$in{'num'}&file=@{[&urlize($in{'file'})]}");
2 changes: 1 addition & 1 deletion forward/save_vfile.cgi
Expand Up @@ -26,4 +26,4 @@ if ($hl && $in{'text'} !~ /^(\S+):\s+\S/) {
}
&print_tempfile(FILE, $in{'text'});
&close_tempfile(FILE);
&redirect("edit_alias.cgi?num=$in{'num'}&file=$in{'file'}");
&redirect("edit_alias.cgi?num=$in{'num'}&file=@{[&urlize($in{'file'})]}");
