Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix an instance of xss #677

Closed
wants to merge 6 commits into from
Closed
Show file tree
Hide file tree
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 6 additions & 2 deletions driver-testsuite/web-fixtures/advanced_form_post.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,15 @@
}

$_POST['agreement'] = isset($_POST['agreement']) ? 'on' : 'off';
foreach ($_POST as $key => $value) {
unset($_POST[$key]);
$_POST[htmlspecialchars($key, ENT_QUOTES, 'UTF-8')] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

rather than replacing $_POST, I would rather use a separate array if we go this way

}
ksort($_POST);
echo str_replace('>', '', var_export($_POST, true)) . "\n";
if (isset($_FILES['about']) && file_exists($_FILES['about']['tmp_name'])) {
echo $_FILES['about']['name'] . "\n";
echo file_get_contents($_FILES['about']['tmp_name']);
echo htmlspecialchars($_FILES['about']['name'], ENT_QUOTES, 'UTF-8') . "\n";
echo htmlspecialchars(file_get_contents($_FILES['about']['tmp_name'], ENT_QUOTES, 'UTF-8'));
} else {
echo "no file";
}
Expand Down
7 changes: 3 additions & 4 deletions driver-testsuite/web-fixtures/basic_form_post.php
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,8 @@
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
<h1>Anket for <?php echo $_POST['first_name'] ?></h1>

<span id="first">Firstname: <?php echo $_POST['first_name'] ?></span>
<span id="last">Lastname: <?php echo $_POST['last_name'] ?></span>
<h1>Anket for <?php echo htmlspecialchars($_POST['first_name'], ENT_QUOTES, 'UTF-8') ?></h1>
<span id="first">Firstname: <?php echo htmlspecialchars($_POST['first_name'], ENT_QUOTES, 'UTF-8') ?></span>
<span id="last">Lastname: <?php echo htmlspecialchars($_POST['last_name'], ENT_QUOTES, 'UTF-8') ?></span>
</body>
</html>
2 changes: 1 addition & 1 deletion driver-testsuite/web-fixtures/basic_get_form.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
<h1>Basic Get Form Page</h1>

<div id="serach">
<?php echo isset($_GET['q']) && $_GET['q'] ? $_GET['q'] : 'No search query' ?>
<?php echo isset($_GET['q']) && $_GET['q'] ? htmlspecialchars($_GET['q'], ENT_QUOTES, 'UTF-8') : 'No search query' ?>
</div>

<form>
Expand Down
2 changes: 1 addition & 1 deletion driver-testsuite/web-fixtures/cookie_page2.php
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,6 @@
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
Previous cookie: <?php echo isset($_COOKIE['srvr_cookie']) ? $_COOKIE['srvr_cookie'] : 'NO'; ?>
Previous cookie: <?php echo isset($_COOKIE['srvr_cookie']) ? htmlspecialchars($_COOKIE['srvr_cookie'], ENT_QUOTES, 'UTF-8') : 'NO'; ?>
</body>
</html>
2 changes: 1 addition & 1 deletion driver-testsuite/web-fixtures/issue130.php
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
if ('1' === $_GET['p']) {
echo '<a href="issue130.php?p=2">Go to 2</a>';
} else {
echo '<strong>'.$_SERVER['HTTP_REFERER'].'</strong>';
echo '<strong>'.htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8');).'</strong>';
}
?>
</body>
2 changes: 1 addition & 1 deletion driver-testsuite/web-fixtures/issue140.php
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
if (!empty($_POST)) {
setcookie("tc", $_POST['cookie_value'], null, '/');
} elseif (isset($_GET["show_value"])) {
echo $_COOKIE["tc"];
echo htmlspecialchars($_COOKIE["tc"], ENT_QUOTES, 'UTF-8');
die();
}
?>
Expand Down
6 changes: 6 additions & 0 deletions driver-testsuite/web-fixtures/print_cookies.php
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,12 @@
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/>
</head>
<body>
<?php
foreach ($_COOKIE as $key => $value) {
unset($_COOKIE[$key]);
$_COOKIE[htmlspecialchars($key, ENT_QUOTES, 'UTF-8')] = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
?>
<?php echo str_replace('>', '', var_export($_COOKIE, true)); ?>
</body>
</html>