Fixes: U4-7194 XSS issue with regexws page, U4-7195 XSS issue with editview.aspx

2015-10-06 10:56:16 +02:00
parent 96d46c82fe
commit 5e5207d4f3
3 changed files with 5 additions and 3 deletions
--- a/src/Umbraco.Web.UI/umbraco/dialogs/RegexWs.aspx
+++ b/src/Umbraco.Web.UI/umbraco/dialogs/RegexWs.aspx
@@ -1,4 +1,5 @@
 <%@ Page Language="C#" AutoEventWireup="true" MasterPageFile="../masterpages/umbracoDialog.Master" CodeBehind="RegexWs.aspx.cs" Inherits="umbraco.presentation.dialogs.RegexWs" %>
+<%@ Import Namespace="Umbraco.Web" %>
 <%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
 <%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %>

@@ -40,7 +41,7 @@
 <asp:Content ContentPlaceHolderID="head" runat="server">
  <script type="text/javascript">
 	  function chooseRegex(regex) {
-		var target = top.right.document.getElementById('<%= Request.QueryString["target"] %>');
+		var target = top.right.document.getElementById('<%= Request.CleanForXss("target") %>');
 		target.value = regex;
 		UmbClientMgr.closeModalWindow(); 
 	}
--- a/src/Umbraco.Web.UI/umbraco/settings/views/EditView.aspx
+++ b/src/Umbraco.Web.UI/umbraco/settings/views/EditView.aspx
@@ -6,6 +6,7 @@

 <%@ Import Namespace="Umbraco.Core" %>
 <%@ Import Namespace="Umbraco.Core.IO" %>
+<%@ Import Namespace="Umbraco.Web" %>
 <%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
 <%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %>

@@ -35,7 +36,7 @@
                    nameTxtBox: $("#<%= NameTxt.ClientID %>"),
                    aliasTxtBox: $("#<%= AliasTxt.ClientID %>"),
                    saveButton: $("#<%= ((Control)SaveButton).ClientID %>"),
-                    templateId: '<%= Request.QueryString["templateID"] %>',
+                    templateId: '<%= Request.CleanForXss("templateID") %>',
                    codeEditorElementId: '<%= editorSource.ClientID %>',
                    modalUrl: "<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco) %>/dialogs/editMacro.aspx"
                });
--- a/src/Umbraco.Web.UI/umbraco/settings/views/EditView.aspx.cs
+++ b/src/Umbraco.Web.UI/umbraco/settings/views/EditView.aspx.cs
@@ -66,7 +66,7 @@ namespace Umbraco.Web.UI.Umbraco.Settings.Views
 	            {
 	                return TreeDefinitionCollection.Instance.FindTree<PartialViewsTree>().Tree.Alias;
 	            }
-	            return Request.QueryString["treeType"];
+	            return Request.CleanForXss("treeType");
 	        }
 	    }