Fixes a few other potential XSS entry points

This commit is contained in:
Shannon
2013-12-03 17:58:42 +11:00
parent 6b7a495d19
commit d4514844f8
6 changed files with 30 additions and 24 deletions


@@ -1,5 +1,6 @@
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ModuleInjector.aspx.cs" Inherits="umbraco.presentation.umbraco.LiveEditing.Modules.SkinModule.ModuleInjector" %>
<%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %>
<%@ Import Namespace="Umbraco.Web" %>
<%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -108,7 +109,7 @@
top.jQuery('.umbModalBoxIframe').closest(".umbModalBox").ModalWindowAPI().close();
top.umbInsertModule('<%=umbraco.helper.Request("target")%>',macroString,'<%=umbraco.helper.Request("type")%>');
top.umbInsertModule('<%=Request.GetCleanedItem("target")%>',macroString,'<%=Request.GetCleanedItem("type")%>');
}
function pseudoHtmlEncode(text) {
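Review bot: On the new line `top.umbInsertModule('<%=Request.GetCleanedItem("target")%>',macroString,'<%=Request.GetCleanedItem("type")%>');` both request values land inside single-quoted JavaScript string literals, and a request "cleaning" helper is only as strong as the character set it strips (GetCleanedItem's implementation is not visible in this diff); encoding for the output context is the robust fix, e.g. `'<%=HttpUtility.JavaScriptStringEncode(Request.GetCleanedItem("target"))%>'` and the same for `type`. The same JS-string-context pattern appears in the `currentId:`/`serviceUrl:` lines of the fourth file and the `objectId:` line of the fifth file; `serviceUrl` additionally places the `app` value in a URL query string, so it wants `Uri.EscapeDataString` on the value before the JavaScript encoding. The script function containing these lines starts before the hunk.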


@@ -1,5 +1,6 @@
<%@ Page Language="c#" MasterPageFile="../masterpages/umbracoPage.Master" ValidateRequest="false" Codebehind="insertMacro.aspx.cs" AutoEventWireup="True"
Inherits="umbraco.dialogs.insertMacro" Trace="false" %>
<%@ Import Namespace="Umbraco.Web" %>
<%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
<asp:Content ContentPlaceHolderID="head" runat="server">
@@ -72,8 +73,8 @@
<%if (Request["macroID"] != null || Request["macroAlias"] != null) {%>
<input type="hidden" name="macroID" value="<%=umbraco.helper.Request("macroID")%>" />
<input type="hidden" name="macroAlias" value="<%=umbraco.helper.Request("macroAlias")%>" />
<input type="hidden" name="macroID" value="<%=Request.GetCleanedItem("macroID")%>" />
<input type="hidden" name="macroAlias" value="<%=Request.GetCleanedItem("macroAlias")%>" />
<div class="macroProperties">
<cc1:Pane id="pane_edit" runat="server">
@@ -81,9 +82,9 @@
</cc1:Pane>
</div>
<p>
<input type="button" value="<%=umbraco.ui.Text("general", "ok", this.getUser())%>" onclick="updateMacro()" />
<input type="button" value="<%=umbraco.ui.Text("general", "ok", UmbracoUser)%>" onclick="updateMacro()" />
&nbsp; <em> or </em> &nbsp;
<a href="#" style="color: blue" onclick="UmbClientMgr.closeModalWindow()"><%=umbraco.ui.Text("general", "cancel", this.getUser())%></a>
<a href="#" style="color: blue" onclick="UmbClientMgr.closeModalWindow()"><%=umbraco.ui.Text("general", "cancel", UmbracoUser)%></a>
</p>
<%} else {%>
@@ -93,9 +94,9 @@
</cc1:PropertyPanel>
</cc1:Pane>
<p>
<input type="submit" value="<%=umbraco.ui.Text("general", "ok", this.getUser())%>" />
<input type="submit" value="<%=umbraco.ui.Text("general", "ok", UmbracoUser)%>" />
&nbsp; <em> or </em> &nbsp;
<a href="#" style="color: blue" onclick="UmbClientMgr.closeModalWindow()"><%=umbraco.ui.Text("general", "cancel", this.getUser())%></a>
<a href="#" style="color: blue" onclick="UmbClientMgr.closeModalWindow()"><%=umbraco.ui.Text("general", "cancel", UmbracoUser)%></a>
</p>
<%}%>
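Review bot: The new `<input type="hidden" name="macroID" value="<%=Request.GetCleanedItem("macroID")%>" />` and the `macroAlias` line below it write request values into an HTML attribute through `<%= %>`, which performs no encoding, and this page's directive sets `ValidateRequest="false"`, so nothing upstream rejects attribute-breaking characters; a sanitizer that strips a fixed list would have to cover the quote character exactly. Prefer the encoding syntax for attribute output, `value="<%: Request.GetCleanedItem("macroID") %>"`, or `HttpUtility.HtmlAttributeEncode(...)`, which stays correct whatever GetCleanedItem removes. The `umb_macroID`/`umb_macroAlias` hidden inputs in the last file have the same shape. The `this.getUser()` → `UmbracoUser` replacements in the remaining hunks are unrelated refactors and look fine.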


@@ -1,5 +1,6 @@
<%@ Page Language="c#" CodeBehind="moveOrCopy.aspx.cs" MasterPageFile="../masterpages/umbracoDialog.Master" AutoEventWireup="True" Inherits="Umbraco.Web.UI.Umbraco.Dialogs.MoveOrCopy" %>
<%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %>
<%@ Import Namespace="Umbraco.Web" %>
<%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
<%@ Register Src="../controls/Tree/TreeControl.ascx" TagName="TreeControl" TagPrefix="umbraco" %>
@@ -13,11 +14,11 @@
// Get node name by xmlrequest
if (id > 0)
umbraco.presentation.webservices.CMSNode.GetNodeName('<%=umbraco.BasePages.BasePage.umbracoUserContextID%>', id, updateName);
umbraco.presentation.webservices.CMSNode.GetNodeName('<%=umbracoUserContextID%>', id, updateName);
else{
//document.getElementById("pageNameContent").innerHTML = "'<strong><%=umbraco.ui.Text(umbraco.helper.Request("app"))%></strong>' <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>";
//document.getElementById("pageNameContent").innerHTML = "'<strong><%=umbraco.ui.Text(Request.GetCleanedItem("app"))%></strong>' <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>";
jQuery("#pageNameContent").html("<strong><%=umbraco.ui.Text(umbraco.helper.Request("app"))%></strong> <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>");
jQuery("#pageNameContent").html("<strong><%=umbraco.ui.Text(Request.GetCleanedItem("app"))%></strong> <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>");
jQuery("#pageNameHolder").attr("class","success");
}
}
@@ -58,7 +59,7 @@
<cc1:Feedback ID="feedback" runat="server" />
<cc1:Pane ID="pane_form" runat="server" Visible="false">
<cc1:PropertyPanel runat="server" Style="overflow: auto; height: 220px;position: relative;">
<umbraco:TreeControl runat="server" ID="JTree" App='<%#umbraco.helper.Request("app") %>'
<umbraco:TreeControl runat="server" ID="JTree" App='<%#Request.GetCleanedItem("app") %>'
IsDialog="true" DialogMode="id" ShowContextMenu="false" FunctionToCall="dialogHandler"
Height="200"></umbraco:TreeControl>
</cc1:PropertyPanel>
@@ -84,8 +85,8 @@
<p>
<asp:Button ID="ok" runat="server" CssClass="guiInputButton" OnClick="HandleMoveOrCopy"></asp:Button>
&nbsp; <em>
<%=umbraco.ui.Text("general", "or", this.getUser())%></em> &nbsp; <a href="#" style="color: blue" onclick="UmbClientMgr.closeModalWindow()">
<%=umbraco.ui.Text("general", "cancel", this.getUser())%></a>
<%=umbraco.ui.Text("general", "or", UmbracoUser)%></em> &nbsp; <a href="#" style="color: blue" onclick="UmbClientMgr.closeModalWindow()">
<%=umbraco.ui.Text("general", "cancel", UmbracoUser)%></a>
</p>
</asp:Panel>
</asp:Content>
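Review bot: In `jQuery("#pageNameContent").html("<strong><%=umbraco.ui.Text(Request.GetCleanedItem("app"))%></strong> ...");` the request value is used as a lookup key for `umbraco.ui.Text`, and the result is written into a JavaScript string that is then inserted as HTML via `.html()`, so it is exposed to two output contexts at once. Whether that is safe depends on what `ui.Text` returns for an unknown key (if it echoes the key, the untrusted value reaches both contexts), which this diff does not show; a wrap such as `HttpUtility.JavaScriptStringEncode(HttpUtility.HtmlEncode(umbraco.ui.Text(...)))` removes the dependency on that behaviour. The commented-out line just above was updated too; deleting dead code is preferable to maintaining it. The script function containing these lines starts before the hunk.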


@@ -2,6 +2,7 @@
<%@ Import Namespace="System.Globalization" %>
<%@ Import Namespace="Umbraco.Core.IO" %>
<%@ Import Namespace="Umbraco.Web" %>
<%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
<%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %>
@@ -57,7 +58,7 @@
<br />
<p>
<input id="submitButton" type="button" value="<%=umbraco.ui.Text("save") %>" />
<em>or </em><a id="closeWindowButton" href="#" style="color: blue"><%=umbraco.ui.Text("general", "cancel", this.getUser())%></a>
<em>or </em><a id="closeWindowButton" href="#" style="color: blue"><%=umbraco.ui.Text("general", "cancel", UmbracoUser)%></a>
</p>
</div>
@@ -69,8 +70,8 @@
submitButton: jQuery("#submitButton"),
closeWindowButton : jQuery("#closeWindowButton"),
dateTimeFormat: "<%=CultureInfo.CurrentCulture.DateTimeFormat.ShortDatePattern%> <%=CultureInfo.CurrentCulture.DateTimeFormat.ShortTimePattern%>",
currentId: "<%=umbraco.helper.Request("ID")%>",
serviceUrl: "<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco)%>/WebServices/NodeSorter.asmx/UpdateSortOrder?app=<%=umbraco.helper.Request("app")%>"
currentId: "<%=Request.GetCleanedItem("ID")%>",
serviceUrl: "<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco)%>/WebServices/NodeSorter.asmx/UpdateSortOrder?app=<%=Request.GetCleanedItem("app")%>"
});
sortDialog.init();


@@ -1,6 +1,7 @@
<%@ Page Language="c#" MasterPageFile="../masterpages/umbracoDialog.Master" CodeBehind="umbracoField.aspx.cs"
AutoEventWireup="True" Inherits="umbraco.dialogs.umbracoField" %>
<%@ Import Namespace="Umbraco.Web" %>
<%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
<%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %>
<asp:Content ContentPlaceHolderID="head" runat="server">
@@ -24,7 +25,7 @@
submitButton: $("#submitButton"),
form: document.forms[0],
tagName: document.forms[0].<%= tagName.ClientID %>.value,
objectId: '<%=umbraco.helper.Request("objectId")%>'
objectId: '<%=Request.GetCleanedItem("objectId")%>'
});
umbracoField.init();
});
@@ -126,5 +127,5 @@
<br />
<input id="submitButton" type="button" name="gem" value="<%=umbraco.ui.Text("insert")%>" />
&nbsp; <em>or </em>&nbsp; <a id="cancelButton" href="#" style="color: blue">
<%=umbraco.ui.Text("general", "cancel", this.getUser())%></a>
<%=umbraco.ui.Text("general", "cancel", UmbracoUser)%></a>
</asp:Content>


@@ -1,6 +1,7 @@
<%@ Page Language="c#" ValidateRequest="false" CodeBehind="insertMacro.aspx.cs" AutoEventWireup="True"
Inherits="umbraco.presentation.tinymce3.insertMacro" Trace="false" %>
<%@ Import Namespace="Umbraco.Web" %>
<%@ Register TagPrefix="ui" Namespace="umbraco.uicontrols" Assembly="controls" %>
<%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %>
<%@ Register TagPrefix="asp" Namespace="System.Web.UI" Assembly="System.Web" %>
@@ -105,8 +106,8 @@
<input type="hidden" name="macroMode" value="<%=Request["mode"]%>" />
<%if (Request["umb_macroID"] != null || Request["umb_macroAlias"] != null)
{%>
<input type="hidden" name="umb_macroID" value="<%=umbraco.helper.Request("umb_macroID")%>" />
<input type="hidden" name="umb_macroAlias" value="<%=umbraco.helper.Request("umb_macroAlias")%>" />
<input type="hidden" name="umb_macroID" value="<%=Request.GetCleanedItem("umb_macroID")%>" />
<input type="hidden" name="umb_macroAlias" value="<%=Request.GetCleanedItem("umb_macroAlias")%>" />
<% }%>
<ui:Pane ID="pane_edit" runat="server" Visible="false">
<div class="macroPane">
@@ -118,7 +119,7 @@
<asp:Button ID="bt_renderMacro" OnClick="renderMacro_Click" runat="server" Text="ok">
</asp:Button>
<em>or </em><a id="cancelbtn" href="#" style="color: blue" onclick="tinyMCEPopup.close();">
<%=umbraco.ui.Text("general", "cancel", this.getUser())%></a>
<%=umbraco.ui.Text("general", "cancel", UmbracoUser)%></a>
</p>
</asp:Panel>
<ui:Pane ID="pane_insert" runat="server">
@@ -128,16 +129,16 @@
</ui:Pane>
<asp:Panel ID="insert_buttons" runat="server">
<p>
<input type="submit" value="<%=umbraco.ui.Text("general", "ok", this.getUser())%>" />
<input type="submit" value="<%=umbraco.ui.Text("general", "ok", UmbracoUser)%>" />
<em>or </em><a href="#" style="color: blue" onclick="tinyMCEPopup.close();">
<%=umbraco.ui.Text("general", "cancel", this.getUser())%></a>
<%=umbraco.ui.Text("general", "cancel", UmbracoUser)%></a>
</p>
</asp:Panel>
<div id="renderContent" style="display: none">
<asp:PlaceHolder ID="renderHolder" runat="server"></asp:PlaceHolder>
</div>
</form>
<script type="text/javascript" language="javascript">
<script type="text/javascript" >
var inst; // = tinyMCEPopup.editor;
var elm; // = inst.selection.getNode();
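Review bot: `<input type="hidden" name="macroMode" value="<%=Request["mode"]%>" />`, the context line directly above the changed `umb_macroID`/`umb_macroAlias` inputs in this file's second hunk, still echoes a raw request value into an attribute while the two lines below it were switched to `GetCleanedItem`, and with `ValidateRequest="false"` on this page there is no framework-level check on it either. Suggest `value="<%: Request["mode"] %>"` (or routing it through the same helper) so the commit's intent covers every request value the page renders. In the last hunk, the `<script type="text/javascript" >` rewrite leaves a stray space before `>`; `<script type="text/javascript">` reads cleaner.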