danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix reflected XSS vulnerability

Browse Source
This commit is contained in:
Daniel Winzen
2020-05-02 19:42:34 +02:00
parent 1887d42a78
commit e149c9f97d
3 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
chat.php
View File

@ -368,7 +368,7 @@ function print_start($class='', $ref=0, $url=''){
function send_redirect($url){
global $I;
$url=htmlspecialchars_decode(rawurldecode($url));
$url=trim(htmlspecialchars_decode(rawurldecode($url)));
preg_match('~^(.*)://~u', $url, $match);
$url=preg_replace('~^(.*)://~u', '', $url);
$escaped=htmlspecialchars($url);
@ -380,7 +380,11 @@ function send_redirect($url){
if(!isset($match[0])){
$match[0]='';
}
echo "<p>$I[nonhttp] <a href=\"$match[0]$escaped\">$match[0]$escaped</a>.</p>";
if(preg_match('~^(javascript|blob|data):~', $url)){
echo "<p>$I[dangerousnonhttp] $match[0]$escaped</p>";
} else {
echo "<p>$I[nonhttp] <a href=\"$match[0]$escaped\">$match[0]$escaped</a>.</p>";
}
echo "<p>$I[httpredir] <a href=\"http://$escaped\">http://$escaped</a>.</p>";
}
print_end();