Filebrowser doesn't properly escape subdir

A place to report and discuss bugs - please mention CMSimple-version, server, platform and browser version
cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE

Filebrowser doesn't properly escape subdir

Post by cmb » Thu Jun 09, 2016 11:51 am

A bug has been found in the filebrowser of CMSimple_XH 1.6.7 (thanks to Manuel Garcia Cardenas, Gert and Holger). It doesn't properly escape the subdir parameter when emitting the HTML. The following patch is supposed to fix this issue:


 plugins/filebrowser/tpl/cmsbrowser.html    | 6 +++---
 plugins/filebrowser/tpl/editorbrowser.html | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/plugins/filebrowser/tpl/cmsbrowser.html b/plugins/filebrowser/tpl/cmsbrowser.html
index 76a6e39..60583d1 100644
--- a/plugins/filebrowser/tpl/cmsbrowser.html
+++ b/plugins/filebrowser/tpl/cmsbrowser.html
@@ -19,7 +19,7 @@ global $tx, $sn;
     <div style="clear: both;"></div>
 
     <div id="filebrowser_subfolders">
-        <div style="clear: both; margin: 0px 0;"><b><?php echo $tx['filetype']['folder']; ?>:</b> <?php echo $this->currentDirectory; ?></div>
+        <div style="clear: both; margin: 0px 0;"><b><?php echo $tx['filetype']['folder']; ?>:</b> <?php echo XH_hsc($this->currentDirectory); ?></div>
         <div style="text-align: right;">
         <button type="button" onclick="FILEBROWSER.togglexhfbForm('xhfbCreateDir');"><?php echo $this->translate('create_folder'); ?></button>
 
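Review bot: the `+` line escapes `$this->currentDirectory` with `XH_hsc` for element content, which is the correct context for text inside this `<div>`; note that the `<b>` label `$tx['filetype']['folder']` on the same line is still echoed raw, so if language-file values are not treated as trusted HTML they would need the same treatment.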
@@ -28,7 +28,7 @@ global $tx, $sn;
 
 
         <fieldset id="xhfbCreateDir" class="xhfbform">
-            <legend><?php echo $this->translate('create_subfolder_in', $this->currentDirectory); ?></legend>
+            <legend><?php echo $this->translate('create_subfolder_in', XH_hsc($this->currentDirectory)); ?></legend>
             <div style="padding: 3em;">
 
                 <form method="POST" action="<?php echo $sn, '?', XH_hsc($_SERVER['QUERY_STRING']);?>">
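Review bot: on the `+` line the argument is escaped before it is handed to `$this->translate('create_subfolder_in', ...)`, so correctness depends on what `translate()` does with it: if it already escapes its result, the directory name is double-encoded (`&amp;amp;`), and if it does not, the translated format string itself still reaches the `<legend>` unescaped. Worth confirming that contract, or escaping once around the whole call (`XH_hsc($this->translate(...))`) so the decision lives in one place; the `action` attribute in the context line already follows the "escape at output" pattern with `XH_hsc($_SERVER['QUERY_STRING'])`.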
@@ -49,7 +49,7 @@ global $tx, $sn;
                 <button type="button" onclick="FILEBROWSER.togglexhfbForm('xhfbUploadFile');"><?php echo $this->translate('upload_file'); ?></button>
         </div>
                <fieldset id="xhfbUploadFile" class="xhfbform">
-            <legend><?php echo $this->translate('upload_file_to', $this->currentDirectory); ?></legend>
+            <legend><?php echo $this->translate('upload_file_to', XH_hsc($this->currentDirectory)); ?></legend>
             <div style="padding: 3em;">
 
                 <form method="POST" action="<?php echo $sn, '?', XH_hsc($_SERVER['QUERY_STRING']);?>" enctype="multipart/form-data" onsubmit="return FILEBROWSER.checkUpload(this, '<?php echo $this->escapeForEventHandlerAttribute($this->translate('confirm_upload'));?>')">
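Review bot: this is the same pre-escape-the-argument pattern as the `create_subfolder_in` legend, now in a third place; a helper or escaping inside `translate()` would stop the next caller from forgetting it. Minor style point on the unchanged `<fieldset id="xhfbUploadFile"` context line: its indentation does not match the surrounding block.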
diff --git a/plugins/filebrowser/tpl/editorbrowser.html b/plugins/filebrowser/tpl/editorbrowser.html
index f4de0a2..a90730f 100644
--- a/plugins/filebrowser/tpl/editorbrowser.html
+++ b/plugins/filebrowser/tpl/editorbrowser.html
@@ -25,7 +25,7 @@
             <button type="button" onclick="FILEBROWSER.togglexhfbForm('xhfbCreateDir');"><?php echo $this->translate('create_folder'); ?></button>
             <button type="button" onclick="FILEBROWSER.togglexhfbForm('xhfbUploadFile');"><?php echo $this->translate('upload_file'); ?></button>
             <fieldset id="xhfbUploadFile" class="xhfbform">
-                <legend><?php echo $this->translate('upload_file_to', $this->currentDirectory); ?></legend>
+                <legend><?php echo $this->translate('upload_file_to', XH_hsc($this->currentDirectory)); ?></legend>
                 <div style="padding: 3em;">
 
                     <form method="post" action="" enctype="multipart/form-data" onsubmit="return FILEBROWSER.checkUpload(this, '<?php echo $this->escapeForEventHandlerAttribute($this->translate('confirm_upload'));?>')">
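Review bot: the `+` line addresses only the HTML-injection side of the `upload_file_to` legend; nothing in this hunk shows where `$this->currentDirectory` is validated against the browser's base directory, so that check should be confirmed separately, because output encoding does not substitute for it.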
@@ -37,7 +37,7 @@
                 </div>
             </fieldset>
             <fieldset id="xhfbCreateDir" class="xhfbform">
-                <legend><?php echo $this->translate('create_subfolder_in', $this->currentDirectory); ?></legend>
+                <legend><?php echo $this->translate('create_subfolder_in', XH_hsc($this->currentDirectory)); ?></legend>
                 <div style="padding: 3em;">
 
                     <form method="post" action="">
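Review bot: the patch carries no regression check for the `create_subfolder_in` legend or the other four sites; a template test, or at least a manual check that a directory name containing `<`, `&` and `"` renders literally in both browsers, would document the fix, and the changelog entry should name the reporters credited in the post.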
I'll put it on the roadmap for CMSimple_XH 1.6.8. There's probably no need to vote, and there's no need to hurry with a bugfix release, because this issue seems to be rather academic for normal use.
Christoph M. Becker – Plugins for CMSimple_XH

cmb
Posts: 14225
Joined: Tue Jun 21, 2011 11:04 am
Location: Bingen, RLP, DE

Re: Filebrowser doesn't properly escape subdir

Post by cmb » Sun Dec 11, 2016 4:32 pm

FTR: Fixed with r1685.
Christoph M. Becker – Plugins for CMSimple_XH
