update for XSS restrictions (#586)
* https://github.com/Sakura-501/Opencats-0.9.7-Vulnerabilities/blob/d085fe2a26d10d6009a73d66fb7319fd4a2ba426/Opencats-0.9.7-sql%20injection%20in%20viewerrors-importID.md

* Opencats-0.9.7-Reflected XSS in onChangeTag

* Opencats-0.9.7-Stored XSS in Calendar-Add-Event.md

* Update CalendarUI.php

update the XSS fix

* Updated internal module(UI).php elements to restrict XSS

* updated Calendar XSS fix to use function, incremented version.

Signed-off-by: RussH <russellh@ysmail.net>

---------

Signed-off-by: RussH <russellh@ysmail.net>
RussH authored Feb 27, 2023
1 parent df7e373 commit e7a8eeb
Showing 20 changed files with 166 additions and 165 deletions.
2 changes: 1 addition & 1 deletion ajax.php
Expand Up @@ -3,7 +3,7 @@
* CATS
* AJAX Delegation Module
*
* CATS Version: 0.9.6
* CATS Version: 0.9.7.1
*
* Copyright (C) 2005 - 2007 Cognizo Technologies, Inc.
*
2 changes: 1 addition & 1 deletion careers/index.php
Expand Up @@ -3,7 +3,7 @@
* CATS
* Careers Page Display Module
*
* CATS Version: 0.9.6
* CATS Version: 0.9.7.1
*
* Copyright (C) 2005 - 2007 Cognizo Technologies, Inc.
*
2 changes: 1 addition & 1 deletion constants.php
Expand Up @@ -42,7 +42,7 @@

/* CATS Version */

define('CATS_VERSION', '0.9.6');
define('CATS_VERSION', '0.9.7.1');


/* Copyright information at bottom of pages. */
2 changes: 1 addition & 1 deletion index.php
Expand Up @@ -3,7 +3,7 @@
* CATS
* Index (Delegation Module)
*
* CATS Version: 0.9.6
* CATS Version: 0.9.7.1
*
* Copyright (C) 2005 - 2007 Cognizo Technologies, Inc.
*
2 changes: 1 addition & 1 deletion lib/UserInterface.php
Expand Up @@ -389,7 +389,7 @@ protected function getSanitisedInput($key, $request)
{
if (isset($request[$key]))
{
return trim(htmlspecialchars($request[$key], ENT_QUOTES));
return trim(htmlspecialchars($request[$key], ENT_QUOTES, FALSE));
}
return '';
}
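Review bot: The new third argument on line 88 is `$encoding`, not `$double_encode`; in non-strict mode `FALSE` is coerced to an empty string, so the call still falls back to `default_charset` and double-encoding is not actually disabled. If the intent was to avoid re-escaping values that are already entity-encoded, the line should read `return trim(htmlspecialchars($request[$key], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false));` — `ENT_SUBSTITUTE` also matters, because without it an invalid UTF-8 sequence makes `htmlspecialchars` return an empty string and the field is silently dropped. A docblock on `getSanitisedInput` should state that it HTML-encodes at the input boundary and that callers persist the encoded value, since every output path that escapes again will then double-encode; the signature line is the hunk's first line, so the docblock position is just outside the hunk.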
2 changes: 1 addition & 1 deletion modules/activity/dataGrids.php
Expand Up @@ -3,7 +3,7 @@
* CATS
* Contacts Datagrid
*
* CATS Version: 0.9.6
* CATS Version: 0.9.7.1
*
* Copyright (C) 2005 - 2007 Cognizo Technologies, Inc.
*
15 changes: 7 additions & 8 deletions modules/calendar/CalendarUI.php
Expand Up @@ -392,11 +392,10 @@ private function onAddEvent()

$publicEntry = $this->isChecked('publicEntry', $_POST);
$reminderEnabled = $this->isChecked('reminderToggle', $_POST);

$description = $this->getTrimmedInput('description', $_POST);
$title = $this->getTrimmedInput('title', $_POST);
$reminderEmail = $this->getTrimmedInput('sendEmail', $_POST);
$reminderTime = $this->getTrimmedInput('reminderTime', $_POST);
$description = $this->getSanitisedInput('description', $_POST);
$title = $this->getSanitisedInput('title', $_POST);
$reminderEmail = $this->getSanitisedInput('sendEmail', $_POST);
$reminderTime = $this->getSanitisedInput('reminderTime', $_POST);

// FIXME: Reminder time must be an integer!

Expand Down Expand Up @@ -583,9 +582,9 @@ private function onEditEvent()
$publicEntry = $this->isChecked('publicEntry', $_POST);
$reminderEnabled = $this->isChecked('reminderToggle', $_POST);

$description = $this->getTrimmedInput('description', $_POST);
$title = $this->getTrimmedInput('title', $_POST);
$reminderEmail = $this->getTrimmedInput('sendEmail', $_POST);
$description = $this->getSanitisedInput('description', $_POST);
$title = $this->getSanitisedInput('title', $_POST);
$reminderEmail = $this->getSanitisedInput('sendEmail', $_POST);
$reminderTime = $this->getTrimmedInput('reminderTime', $_POST);

// FIXME: Reminder time must be an integer!
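Review bot: onEditEvent still reads reminderTime through `getTrimmedInput` (line 133) while onAddEvent now reads it through `getSanitisedInput` (line 119), so the same field is handled differently by the two handlers. Given the `FIXME: Reminder time must be an integer!` directly below both call sites, numeric validation is the more appropriate fix for both: `$reminderTime = (int) $this->getTrimmedInput('reminderTime', $_POST);` cannot carry markup, whereas the encoded form of a non-numeric value would still be stored; how an empty value should map to the integer is not visible here and should be checked against the reminder code. Both onAddEvent and onEditEvent start before their hunks and continue past them.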
88 changes: 44 additions & 44 deletions modules/candidates/CandidatesUI.php
Expand Up @@ -899,27 +899,27 @@ public function checkParsingFunctions()

// Retain all field data since this isn't done over AJAX (yet)
$fields = array(
'firstName' => $this->getTrimmedInput('firstName', $_POST),
'middleName' => $this->getTrimmedInput('middleName', $_POST),
'lastName' => $this->getTrimmedInput('lastName', $_POST),
'email1' => $this->getTrimmedInput('email1', $_POST),
'email2' => $this->getTrimmedInput('email2', $_POST),
'phoneHome' => $this->getTrimmedInput('phoneHome', $_POST),
'phoneCell' => $this->getTrimmedInput('phoneCell', $_POST),
'phoneWork' => $this->getTrimmedInput('phoneWork', $_POST),
'address' => $this->getTrimmedInput('address', $_POST),
'city' => $this->getTrimmedInput('city', $_POST),
'state' => $this->getTrimmedInput('state', $_POST),
'zip' => $this->getTrimmedInput('zip', $_POST),
'firstName' => $this->getSanitisedInput('firstName', $_POST),
'middleName' => $this->getSanitisedInput('middleName', $_POST),
'lastName' => $this->getSanitisedInput('lastName', $_POST),
'email1' => $this->getSanitisedInput('email1', $_POST),
'email2' => $this->getSanitisedInput('email2', $_POST),
'phoneHome' => $this->getSanitisedInput('phoneHome', $_POST),
'phoneCell' => $this->getSanitisedInput('phoneCell', $_POST),
'phoneWork' => $this->getSanitisedInput('phoneWork', $_POST),
'address' => $this->getSanitisedInput('address', $_POST),
'city' => $this->getSanitisedInput('city', $_POST),
'state' => $this->getSanitisedInput('state', $_POST),
'zip' => $this->getSanitisedInput('zip', $_POST),
'source' => $this->getTrimmedInput('source', $_POST),
'keySkills' => $this->getTrimmedInput('keySkills', $_POST),
'currentEmployer' => $this->getTrimmedInput('currentEmployer', $_POST),
'currentPay' => $this->getTrimmedInput('currentPay', $_POST),
'desiredPay' => $this->getTrimmedInput('desiredPay', $_POST),
'notes' => $this->getTrimmedInput('notes', $_POST),
'canRelocate' => $this->getTrimmedInput('canRelocate', $_POST),
'webSite' => $this->getTrimmedInput('webSite', $_POST),
'bestTimeToCall' => $this->getTrimmedInput('bestTimeToCall', $_POST),
'keySkills' => $this->getSanitisedInput('keySkills', $_POST),
'currentEmployer' => $this->getSanitisedInput('currentEmployer', $_POST),
'currentPay' => $this->getSanitisedInput('currentPay', $_POST),
'desiredPay' => $this->getSanitisedInput('desiredPay', $_POST),
'notes' => $this->getSanitisedInput('notes', $_POST),
'canRelocate' => $this->getSanitisedInput('canRelocate', $_POST),
'webSite' => $this->getSanitisedInput('webSite', $_POST),
'bestTimeToCall' => $this->getSanitisedInput('bestTimeToCall', $_POST),
'gender' => $this->getTrimmedInput('gender', $_POST),
'race' => $this->getTrimmedInput('race', $_POST),
'veteran' => $this->getTrimmedInput('veteran', $_POST),
Expand Down Expand Up @@ -1205,39 +1205,39 @@ private function onEdit()
}

$formattedPhoneHome = StringUtility::extractPhoneNumber(
$this->getTrimmedInput('phoneHome', $_POST)
$this->getSanitisedInput('phoneHome', $_POST)
);
if (!empty($formattedPhoneHome))
{
$phoneHome = $formattedPhoneHome;
}
else
{
$phoneHome = $this->getTrimmedInput('phoneHome', $_POST);
$phoneHome = $this->getSanitisedInput('phoneHome', $_POST);
}

$formattedPhoneCell = StringUtility::extractPhoneNumber(
$this->getTrimmedInput('phoneCell', $_POST)
$this->getSanitisedInput('phoneCell', $_POST)
);
if (!empty($formattedPhoneCell))
{
$phoneCell = $formattedPhoneCell;
}
else
{
$phoneCell = $this->getTrimmedInput('phoneCell', $_POST);
$phoneCell = $this->getSanitisedInput('phoneCell', $_POST);
}

$formattedPhoneWork = StringUtility::extractPhoneNumber(
$this->getTrimmedInput('phoneWork', $_POST)
$this->getSanitisedInput('phoneWork', $_POST)
);
if (!empty($formattedPhoneWork))
{
$phoneWork = $formattedPhoneWork;
}
else
{
$phoneWork = $this->getTrimmedInput('phoneWork', $_POST);
$phoneWork = $this->getSanitisedInput('phoneWork', $_POST);
}

$candidateID = $_POST['candidateID'];
Expand Down Expand Up @@ -1310,22 +1310,22 @@ private function onEdit()
}

$isActive = $this->isChecked('isActive', $_POST);
$firstName = $this->getTrimmedInput('firstName', $_POST);
$middleName = $this->getTrimmedInput('middleName', $_POST);
$lastName = $this->getTrimmedInput('lastName', $_POST);
$email1 = $this->getTrimmedInput('email1', $_POST);
$email2 = $this->getTrimmedInput('email2', $_POST);
$address = $this->getTrimmedInput('address', $_POST);
$city = $this->getTrimmedInput('city', $_POST);
$state = $this->getTrimmedInput('state', $_POST);
$zip = $this->getTrimmedInput('zip', $_POST);
$source = $this->getTrimmedInput('source', $_POST);
$keySkills = $this->getTrimmedInput('keySkills', $_POST);
$currentEmployer = $this->getTrimmedInput('currentEmployer', $_POST);
$currentPay = $this->getTrimmedInput('currentPay', $_POST);
$desiredPay = $this->getTrimmedInput('desiredPay', $_POST);
$notes = $this->getTrimmedInput('notes', $_POST);
$webSite = $this->getTrimmedInput('webSite', $_POST);
$firstName = $this->getSanitisedInput('firstName', $_POST);
$middleName = $this->getSanitisedInput('middleName', $_POST);
$lastName = $this->getSanitisedInput('lastName', $_POST);
$email1 = $this->getSanitisedInput('email1', $_POST);
$email2 = $this->getSanitisedInput('email2', $_POST);
$address = $this->getSanitisedInput('address', $_POST);
$city = $this->getSanitisedInput('city', $_POST);
$state = $this->getSanitisedInput('state', $_POST);
$zip = $this->getSanitisedInput('zip', $_POST);
$source = $this->getSanitisedInput('source', $_POST);
$keySkills = $this->getSanitisedInput('keySkills', $_POST);
$currentEmployer = $this->getSanitisedInput('currentEmployer', $_POST);
$currentPay = $this->getSanitisedInput('currentPay', $_POST);
$desiredPay = $this->getSanitisedInput('desiredPay', $_POST);
$notes = $this->getSanitisedInput('notes', $_POST);
$webSite = $this->getSanitisedInput('webSite', $_POST);
$bestTimeToCall = $this->getTrimmedInput('bestTimeToCall', $_POST);
$gender = $this->getTrimmedInput('gender', $_POST);
$race = $this->getTrimmedInput('race', $_POST);
Expand Down Expand Up @@ -3426,8 +3426,8 @@ private function findDuplicateCandidateSearch()
{
$duplicateCandidateID = $_POST['candidateID'];
}
$query = $this->getTrimmedInput('wildCardString', $_POST);
$mode = $this->getTrimmedInput('mode', $_POST);
$query = $this->getSanitisedInput('wildCardString', $_POST);
$mode = $this->getSanitisedInput('mode', $_POST);

/* Execute the search. */
$search = new SearchCandidates($this->_siteID);
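Review bot: The conversion is partial: in checkParsingFunctions source, gender, race and veteran (lines 167, 184–186) and in onEdit bestTimeToCall, gender and race (lines 269–271) still use `getTrimmedInput`, so the same form fields are entity-encoded on one path and stored raw on another. In findDuplicateCandidateSearch (lines 278–279) wildCardString is a search term, and encoding it turns an apostrophe into `&#039;` before it reaches `SearchCandidates`, so it will only match records that were themselves stored in encoded form and will miss pre-existing data; a search term should stay `$query = $this->getTrimmedInput('wildCardString', $_POST);` and be escaped where it is rendered. The context line `$candidateID = $_POST['candidateID'];` (line 232) is still read without a cast, which this commit leaves untouched. All three enclosing methods begin or end outside the hunks.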
58 changes: 29 additions & 29 deletions modules/companies/CompaniesUI.php
Expand Up @@ -489,42 +489,42 @@ private function add()
private function onAdd()
{
$formattedPhone1 = StringUtility::extractPhoneNumber(
$this->getTrimmedInput('phone1', $_POST)
$this->getSanitisedInput('phone1', $_POST)
);
if (!empty($formattedPhone1))
{
$phone1 = $formattedPhone1;
}
else
{
$phone1 = $this->getTrimmedInput('phone1', $_POST);
$phone1 = $this->getSanitisedInput('phone1', $_POST);
}

$formattedPhone2 = StringUtility::extractPhoneNumber(
$this->getTrimmedInput('phone2', $_POST)
$this->getSanitisedInput('phone2', $_POST)
);
if (!empty($formattedPhone2))
{
$phone2 = $formattedPhone2;
}
else
{
$phone2 = $this->getTrimmedInput('phone2', $_POST);
$phone2 = $this->getSanitisedInput('phone2', $_POST);
}

$formattedFaxNumber = StringUtility::extractPhoneNumber(
$this->getTrimmedInput('faxNumber', $_POST)
$this->getSanitisedInput('faxNumber', $_POST)
);
if (!empty($formattedFaxNumber))
{
$faxNumber = $formattedFaxNumber;
}
else
{
$faxNumber = $this->getTrimmedInput('faxNumber', $_POST);
$faxNumber = $this->getSanitisedInput('faxNumber', $_POST);
}

$url = $this->getTrimmedInput('url', $_POST);
$url = $this->getSanitisedInput('url', $_POST);
if (!empty($url))
{
$formattedURL = StringUtility::extractURL($url);
Expand All @@ -538,13 +538,13 @@ private function onAdd()
/* Hot company? */
$isHot = $this->isChecked('isHot', $_POST);

$name = $this->getTrimmedInput('name', $_POST);
$address = $this->getTrimmedInput('address', $_POST);
$city = $this->getTrimmedInput('city', $_POST);
$state = $this->getTrimmedInput('state', $_POST);
$zip = $this->getTrimmedInput('zip', $_POST);
$keyTechnologies = $this->getTrimmedInput('keyTechnologies', $_POST);
$notes = $this->getTrimmedInput('notes', $_POST);
$name = $this->getSanitisedInput('name', $_POST);
$address = $this->getSanitisedInput('address', $_POST);
$city = $this->getSanitisedInput('city', $_POST);
$state = $this->getSanitisedInput('state', $_POST);
$zip = $this->getSanitisedInput('zip', $_POST);
$keyTechnologies = $this->getSanitisedInput('keyTechnologies', $_POST);
$notes = $this->getSanitisedInput('notes', $_POST);

/* Departments list editor. */
$departmentsCSV = $this->getTrimmedInput('departmentsCSV', $_POST);
Expand Down Expand Up @@ -697,42 +697,42 @@ private function onEdit()
}

$formattedPhone1 = StringUtility::extractPhoneNumber(
$this->getTrimmedInput('phone1', $_POST)
$this->getSanitisedInput('phone1', $_POST)
);
if (!empty($formattedPhone1))
{
$phone1 = $formattedPhone1;
}
else
{
$phone1 = $this->getTrimmedInput('phone1', $_POST);
$phone1 = $this->getSanitisedInput('phone1', $_POST);
}

$formattedPhone2 = StringUtility::extractPhoneNumber(
$this->getTrimmedInput('phone2', $_POST)
$this->getSanitisedInput('phone2', $_POST)
);
if (!empty($formattedPhone2))
{
$phone2 = $formattedPhone2;
}
else
{
$phone2 = $this->getTrimmedInput('phone2', $_POST);
$phone2 = $this->getSanitisedInput('phone2', $_POST);
}

$formattedFaxNumber = StringUtility::extractPhoneNumber(
$this->getTrimmedInput('faxNumber', $_POST)
$this->getSanitisedInput('faxNumber', $_POST)
);
if (!empty($formattedFaxNumber))
{
$faxNumber = $formattedFaxNumber;
}
else
{
$faxNumber = $this->getTrimmedInput('faxNumber', $_POST);
$faxNumber = $this->getSanitisedInput('faxNumber', $_POST);
}

$url = $this->getTrimmedInput('url', $_POST);
$url = $this->getSanitisedInput('url', $_POST);
if (!empty($url))
{
$formattedURL = StringUtility::extractURL($url);
Expand Down Expand Up @@ -809,13 +809,13 @@ private function onEdit()
$emailAddress = '';
}

$name = $this->getTrimmedInput('name', $_POST);
$address = $this->getTrimmedInput('address', $_POST);
$city = $this->getTrimmedInput('city', $_POST);
$state = $this->getTrimmedInput('state', $_POST);
$zip = $this->getTrimmedInput('zip', $_POST);
$keyTechnologies = $this->getTrimmedInput('keyTechnologies', $_POST);
$notes = $this->getTrimmedInput('notes', $_POST);
$name = $this->getSanitisedInput('name', $_POST);
$address = $this->getSanitisedInput('address', $_POST);
$city = $this->getSanitisedInput('city', $_POST);
$state = $this->getSanitisedInput('state', $_POST);
$zip = $this->getSanitisedInput('zip', $_POST);
$keyTechnologies = $this->getSanitisedInput('keyTechnologies', $_POST);
$notes = $this->getSanitisedInput('notes', $_POST);

/* Departments list editor. */
$departmentsCSV = $this->getTrimmedInput('departmentsCSV', $_POST);
Expand Down Expand Up @@ -986,7 +986,7 @@ private function onSearch()
if (!eval(Hooks::get('CLIENTS_ON_SEARCH_PRE'))) return;

/* Get our current searching mode. */
$mode = $this->getTrimmedInput('mode', $_GET);
$mode = $this->getSanitisedInput('mode', $_GET);

/* Execute the search. */
$search = new SearchCompanies($this->_siteID);
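Review bot: `$url` is now HTML-encoded on lines 332 and 403 before it is passed to `StringUtility::extractURL($url)`, so a URL containing a query string arrives with `&amp;` in place of `&` and the extracted or stored value is altered; keep `$url = $this->getTrimmedInput('url', $_POST);` for extraction and encode only the rendered form. The phone fields handed to `StringUtility::extractPhoneNumber` (lines 291, 305, 319, 362, 376, 390) have the same shape: encoding is inert for plain digits, but the `else` branches on lines 300, 314, 328, 371, 385 and 399 persist the encoded string when extraction fails. departmentsCSV (lines 356 and 427) stays on `getTrimmedInput`, inconsistent with the other fields of the same methods. onAdd and onEdit both continue past their hunks.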
2 changes: 1 addition & 1 deletion modules/companies/dataGrids.php
Expand Up @@ -3,7 +3,7 @@
* CATS
* Companies Datagrid
*
* CATS Version: 0.9.6
* CATS Version: 0.9.7.1
*
* Copyright (C) 2005 - 2007 Cognizo Technologies, Inc.
*