Fixes potential XSS

This commit is contained in:
Shannon
2013-12-04 13:33:24 +11:00
parent 1efa75c891
commit 33aa4e2062
16 changed files with 28 additions and 25 deletions


@@ -109,7 +109,7 @@
top.jQuery('.umbModalBoxIframe').closest(".umbModalBox").ModalWindowAPI().close();
top.umbInsertModule('<%=Request.GetCleanedItem("target")%>',macroString,'<%=Request.GetCleanedItem("type")%>');
top.umbInsertModule('<%=Request.CleanForXss("target")%>',macroString,'<%=Request.CleanForXss("type")%>');
}
function pseudoHtmlEncode(text) {
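Review bot: The cleaned value at `top.umbInsertModule('<%=Request.CleanForXss("target")%>', …)` is emitted inside a single-quoted JavaScript string, and CleanForXss is only a rename of GetCleanedItem (see the extension-method hunk further down), so the encoding applied still has to match this output context; if the string-level CleanForXss strips or HTML-encodes markup only, a single quote or backslash in `target` or `type` would not be neutralised here. For values that land in script strings, JavaScript-string encoding at the point of output is the safer rule, e.g. `top.umbInsertModule('<%=HttpUtility.JavaScriptStringEncode(Request.CleanForXss("target"))%>', macroString, '<%=HttpUtility.JavaScriptStringEncode(Request.CleanForXss("type"))%>');`, and values written into query strings (the `document.location` assignments and the `serviceUrl` in later hunks) want URL encoding on top. The same context question applies to the xsltInsertValueOf, xsltChooseExtension, create, sort and umbracoField hunks below; I am raising it once here. The surrounding script function begins before this hunk.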


@@ -23,7 +23,7 @@ namespace Umbraco.Web.UI.Umbraco
{
get
{
var app = Request.GetCleanedItem("app");
var app = Request.CleanForXss("app");
//validate the app
if (global::umbraco.BusinessLogic.Application.getAll().Any(x => x.alias.InvariantEquals(app)) == false)
{
@@ -45,7 +45,7 @@ namespace Umbraco.Web.UI.Umbraco
protected string RightActionId
{
get { return Request.GetCleanedItem("id").ReplaceNonAlphanumericChars('-'); }
get { return Request.CleanForXss("id").ReplaceNonAlphanumericChars('-'); }
}
protected void Page_Load(object sender, EventArgs e)


@@ -14,7 +14,7 @@
result = result.substring(0, result.length - 2);
result = result + ")";
document.location = 'xsltInsertValueOf.aspx?objectId=<%=Request.GetCleanedItem("objectId")%>&value=' + result;
document.location = 'xsltInsertValueOf.aspx?objectId=<%=Request.CleanForXss("objectId")%>&value=' + result;
}
</script>


@@ -14,13 +14,13 @@
result = '<xsl:value-of select="' + document.getElementById('<%= valueOf.ClientID %>').value + '"' + checked + '/>';
UmbClientMgr.contentFrame().focus();
UmbClientMgr.contentFrame().UmbEditor.Insert(result, '', '<%=Request.GetCleanedItem("objectId")%>');
UmbClientMgr.contentFrame().UmbEditor.Insert(result, '', '<%=Request.CleanForXss("objectId")%>');
UmbClientMgr.closeModalWindow();
}
function getExtensionMethod() {
document.location = 'xsltChooseExtension.aspx?objectId=<%=Request.GetCleanedItem("objectId")%>';
document.location = 'xsltChooseExtension.aspx?objectId=<%=Request.CleanForXss("objectId")%>';
}
function recieveExtensionMethod(theValue) {


@@ -34,14 +34,14 @@
}
function onNodeSelectionConfirmed() {
document.location.href = 'create.aspx?nodeType=<%=Request.GetCleanedItem("nodeType")%>&app=<%=App%>&nodeId=' + document.getElementById('nodeId').value
document.location.href = 'create.aspx?nodeType=<%=Request.CleanForXss("nodeType")%>&app=<%=App%>&nodeId=' + document.getElementById('nodeId').value
}
</script>
</asp:Content>
<asp:Content ContentPlaceHolderID="body" runat="server">
<input type="hidden" id="nodeId" name="nodeId" value="<%=Request.GetCleanedItem("nodeId")%>" />
<input type="hidden" id="nodeId" name="nodeId" value="<%=Request.CleanForXss("nodeId")%>" />
<input type="hidden" id="path" name="path" value="" runat="server" />
<cc1:Pane ID="pane_chooseNode" runat="server" Style="overflow: auto; height: 250px;">
<umbraco:TreeControl runat="server" ID="JTree" App='<%#App %>'


@@ -73,8 +73,8 @@
<%if (Request["macroID"] != null || Request["macroAlias"] != null) {%>
<input type="hidden" name="macroID" value="<%=Request.GetCleanedItem("macroID")%>" />
<input type="hidden" name="macroAlias" value="<%=Request.GetCleanedItem("macroAlias")%>" />
<input type="hidden" name="macroID" value="<%=Request.CleanForXss("macroID")%>" />
<input type="hidden" name="macroAlias" value="<%=Request.CleanForXss("macroAlias")%>" />
<div class="macroProperties">
<cc1:Pane id="pane_edit" runat="server">


@@ -16,9 +16,9 @@
if (id > 0)
umbraco.presentation.webservices.CMSNode.GetNodeName('<%=umbracoUserContextID%>', id, updateName);
else{
//document.getElementById("pageNameContent").innerHTML = "'<strong><%=umbraco.ui.Text(Request.GetCleanedItem("app"))%></strong>' <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>";
//document.getElementById("pageNameContent").innerHTML = "'<strong><%=umbraco.ui.Text(Request.CleanForXss("app"))%></strong>' <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>";
jQuery("#pageNameContent").html("<strong><%=umbraco.ui.Text(Request.GetCleanedItem("app"))%></strong> <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>");
jQuery("#pageNameContent").html("<strong><%=umbraco.ui.Text(Request.CleanForXss("app"))%></strong> <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>");
jQuery("#pageNameHolder").attr("class","success");
}
}
@@ -59,7 +59,7 @@
<cc1:Feedback ID="feedback" runat="server" />
<cc1:Pane ID="pane_form" runat="server" Visible="false">
<cc1:PropertyPanel runat="server" Style="overflow: auto; height: 220px;position: relative;">
<umbraco:TreeControl runat="server" ID="JTree" App='<%#Request.GetCleanedItem("app") %>'
<umbraco:TreeControl runat="server" ID="JTree" App='<%#Request.CleanForXss("app") %>'
IsDialog="true" DialogMode="id" ShowContextMenu="false" FunctionToCall="dialogHandler"
Height="200"></umbraco:TreeControl>
</cc1:PropertyPanel>


@@ -70,8 +70,8 @@
submitButton: jQuery("#submitButton"),
closeWindowButton : jQuery("#closeWindowButton"),
dateTimeFormat: "<%=CultureInfo.CurrentCulture.DateTimeFormat.ShortDatePattern%> <%=CultureInfo.CurrentCulture.DateTimeFormat.ShortTimePattern%>",
currentId: "<%=Request.GetCleanedItem("ID")%>",
serviceUrl: "<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco)%>/WebServices/NodeSorter.asmx/UpdateSortOrder?app=<%=Request.GetCleanedItem("app")%>"
currentId: "<%=Request.CleanForXss("ID")%>",
serviceUrl: "<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco)%>/WebServices/NodeSorter.asmx/UpdateSortOrder?app=<%=Request.CleanForXss("app")%>"
});
sortDialog.init();


@@ -25,7 +25,7 @@
submitButton: $("#submitButton"),
form: document.forms[0],
tagName: document.forms[0].<%= tagName.ClientID %>.value,
objectId: '<%=Request.GetCleanedItem("objectId")%>'
objectId: '<%=Request.CleanForXss("objectId")%>'
});
umbracoField.init();
});


@@ -106,8 +106,8 @@
<input type="hidden" name="macroMode" value="<%=Request["mode"]%>" />
<%if (Request["umb_macroID"] != null || Request["umb_macroAlias"] != null)
{%>
<input type="hidden" name="umb_macroID" value="<%=Request.GetCleanedItem("umb_macroID")%>" />
<input type="hidden" name="umb_macroAlias" value="<%=Request.GetCleanedItem("umb_macroAlias")%>" />
<input type="hidden" name="umb_macroID" value="<%=Request.CleanForXss("umb_macroID")%>" />
<input type="hidden" name="umb_macroAlias" value="<%=Request.CleanForXss("umb_macroAlias")%>" />
<% }%>
<ui:Pane ID="pane_edit" runat="server" Visible="false">
<div class="macroPane">
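Review bot: The context line `<input type="hidden" name="macroMode" value="<%=Request["mode"]%>" />` just above the two converted inputs still writes the raw `mode` request value into an attribute, so this file keeps one reflected injection point while the neighbouring `umb_macroID` and `umb_macroAlias` inputs were fixed. It should get the same treatment: `<input type="hidden" name="macroMode" value="<%=Request.CleanForXss("mode")%>" />`. As with the other attribute outputs in this commit, HTML-attribute encoding at the point of output is the context-correct choice if the string-level CleanForXss does not already guarantee it.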


@@ -17,7 +17,7 @@ namespace Umbraco.Web
/// <param name="request"></param>
/// <param name="key"></param>
/// <returns></returns>
public static string GetCleanedItem(this HttpRequest request, string key)
public static string CleanForXss(this HttpRequest request, string key)
{
var item = request.GetItemAsString(key);
return item.CleanForXss();
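Review bot: The renamed method keeps the empty `<param>` and `<returns>` tags from the context lines above it, and since every hunk in this commit now routes through it, this doc comment is where a reader would look for what "cleaned" means and what an absent key yields. I would fill the summary with text along the lines of: the request item for `key` read via GetItemAsString and passed through the string CleanForXss extension; and a `<returns>` that states explicitly whether a missing key gives null or an empty string, because the dashboardUtilities hunk relies on null for its `??` fallback while the viewCacheItem and macro-editor hunks call `.StartsWith` or pass the value on without a null check. The method body continues outside the hunk, and the string-level CleanForXss it calls is not in this diff, so I cannot confirm its behaviour from here.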


@@ -36,7 +36,7 @@ namespace umbraco.cms.presentation
{
if (_section == null)
{
var qry = Request.GetCleanedItem("app");
var qry = Request.CleanForXss("app");
// Load dashboard content
if (qry.IsNullOrWhiteSpace() == false)
{


@@ -1,4 +1,5 @@
using Umbraco.Core.Logging;
using Umbraco.Web;
namespace dashboardUtilities
{
@@ -32,10 +33,10 @@ namespace dashboardUtilities
{
var response = client.DownloadString(requestUri);
if (!string.IsNullOrEmpty(response))
if (string.IsNullOrEmpty(response) == false)
{
Response.Clear();
Response.ContentType = Request.QueryString["type"] ?? MediaTypeNames.Text.Xml;
Response.ContentType = Request.CleanForXss("type") ?? MediaTypeNames.Text.Xml;
Response.Write(response);
}
}
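Review bot: `Response.ContentType = Request.CleanForXss("type") ?? MediaTypeNames.Text.Xml;` sets a response header from a request parameter, and XSS cleaning is not media-type validation: whatever characters survive the filter go straight into Content-Type, and a value such as `text/html` changes how the browser treats the proxied body. The previous `Request.QueryString["type"]` returned null for an absent key, which is what the `??` relied on; if CleanForXss returns an empty string instead, the fallback never fires and the response goes out with an empty content type. An allow-list is the robust fix: `var requestedType = Request.QueryString["type"];` followed by `Response.ContentType = AllowedContentTypes.Contains(requestedType) ? requestedType : MediaTypeNames.Text.Xml;`, where `AllowedContentTypes` is a static ordinal-ignore-case set of the media types this dashboard actually proxies. The enclosing method and the origin of `requestUri` are outside the hunk.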


@@ -1,5 +1,6 @@
using System;
using System.Web;
using Umbraco.Web;
using umbraco.BasePages;
namespace umbraco.cms.presentation.developer
@@ -17,7 +18,7 @@ namespace umbraco.cms.presentation.developer
protected void Page_Load(object sender, EventArgs e)
{
Panel1.Text = ui.Text("viewCacheItem");
var cacheKey = Request.QueryString["key"];
var cacheKey = Request.CleanForXss("key");
LabelCacheAlias.Text = cacheKey;
var cacheItem = ApplicationContext.ApplicationCache.GetCacheItem<object>(cacheKey);
LabelCacheValue.Text = cacheItem != null ? cacheItem.ToString() : "Cache item isn't in cache anymore!";
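Review bot: The label assignment `LabelCacheValue.Text = cacheItem != null ? cacheItem.ToString() : "Cache item isn't in cache anymore!";` writes the cached object's string form into the page unencoded; cleaning the `key` parameter does not cover the cache contents, and a Web Forms Label renders its Text as-is, so any markup stored in a cache entry reaches the browser verbatim. Since `System.Web` is already imported in this file, `LabelCacheValue.Text = cacheItem != null ? HttpUtility.HtmlEncode(cacheItem.ToString()) : "Cache item isn't in cache anymore!";` closes that. Whether `GetCacheItem<object>` accepts a null or empty key when `key` is absent depends on what CleanForXss returns for a missing item, which is not visible here; the handler continues beyond the hunk.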


@@ -12,6 +12,7 @@ using System.Web.UI.HtmlControls;
using System.Reflection;
using System.Collections.Specialized;
using Umbraco.Core.IO;
using Umbraco.Web;
using umbraco.BusinessLogic;
using umbraco.cms.businesslogic.macro;
using System.Collections.Generic;
@@ -40,7 +41,7 @@ namespace umbraco.developer
if (Request.QueryString["type"] == null)
{
isUserControl = true;
var fileName = Request.QueryString["fileName"];
var fileName = Request.CleanForXss("fileName");
if (!fileName.StartsWith("~"))
{
if (fileName.StartsWith("/"))
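Review bot: `var fileName = Request.CleanForXss("fileName");` is followed by `StartsWith("~")` and `StartsWith("/")` checks that treat the value as a virtual file path, and XSS cleaning says nothing about path traversal — `..` segments and absolute paths pass through an HTML-oriented filter untouched. If the file is subsequently opened or written (the rest of the method is outside the hunk), the resolved path should be checked against the directory the editor is allowed to touch before use rather than relying on the cleaned string. Separately, `fileName.StartsWith("~")` dereferences the result without a null check; if CleanForXss yields null for a missing key this throws a NullReferenceException, so a guard such as `if (string.IsNullOrEmpty(fileName)) { /* reject the request */ }` ahead of it, with `StringComparison.Ordinal` on the StartsWith calls, would be my suggestion.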


@@ -38,7 +38,7 @@ namespace umbraco.dialogs
{
if (_app == null)
{
_app = Request.GetCleanedItem("app");
_app = Request.CleanForXss("app");
//validate the app
if (BusinessLogic.Application.getAll().Any(x => x.alias.InvariantEquals(_app)) == false)
{