From d4514844f87c31fcb924ed9b3ab347b53f8d894e Mon Sep 17 00:00:00 2001
From: Shannon
Date: Tue, 3 Dec 2013 17:58:42 +1100
Subject: [PATCH] Fixes a few other potential xss entry points
---
 .../Modules/SkinModule/ModuleInjector.aspx | 3 ++-
 src/Umbraco.Web.UI/umbraco/dialogs/insertMacro.aspx | 13 +++++++------
 src/Umbraco.Web.UI/umbraco/dialogs/moveOrCopy.aspx | 13 +++++++------
 src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx | 7 ++++---
 .../umbraco/dialogs/umbracoField.aspx | 5 +++--
 .../umbraco/plugins/tinymce3/insertMacro.aspx | 13 +++++++------
 6 files changed, 30 insertions(+), 24 deletions(-)
diff --git a/src/Umbraco.Web.UI/umbraco/LiveEditing/Modules/SkinModule/ModuleInjector.aspx b/src/Umbraco.Web.UI/umbraco/LiveEditing/Modules/SkinModule/ModuleInjector.aspx
index d953aa81f4..9c9e7cc631 100644
--- a/src/Umbraco.Web.UI/umbraco/LiveEditing/Modules/SkinModule/ModuleInjector.aspx
+++ b/src/Umbraco.Web.UI/umbraco/LiveEditing/Modules/SkinModule/ModuleInjector.aspx
@@ -1,5 +1,6 @@ <%@ Page Language="C#" AutoEventWireup="true" CodeBehind="ModuleInjector.aspx.cs" Inherits="umbraco.presentation.umbraco.LiveEditing.Modules.SkinModule.ModuleInjector" %> <%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %> +<%@ Import Namespace="Umbraco.Web" %> <%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
@@ -108,7 +109,7 @@ top.jQuery('.umbModalBoxIframe').closest(".umbModalBox").ModalWindowAPI().close(); - top.umbInsertModule('<%=umbraco.helper.Request("target")%>',macroString,'<%=umbraco.helper.Request("type")%>'); + top.umbInsertModule('<%=Request.GetCleanedItem("target")%>',macroString,'<%=Request.GetCleanedItem("type")%>'); } function pseudoHtmlEncode(text) {
diff --git a/src/Umbraco.Web.UI/umbraco/dialogs/insertMacro.aspx b/src/Umbraco.Web.UI/umbraco/dialogs/insertMacro.aspx
index e34536f1b0..eeacb6a936 100644
--- a/src/Umbraco.Web.UI/umbraco/dialogs/insertMacro.aspx
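Review bot: In the changed `top.umbInsertModule(...)` line the two cleaned values are emitted inside JavaScript single-quoted string literals, and nothing in this hunk shows what `Request.GetCleanedItem` strips, so whether a quote or backslash in `target`/`type` can still end the literal cannot be confirmed here. The encoding that matches this context is `HttpUtility.JavaScriptStringEncode`, i.e. `top.umbInsertModule('<%=HttpUtility.JavaScriptStringEncode(Request.GetCleanedItem("target"))%>',macroString,'<%=HttpUtility.JavaScriptStringEncode(Request.GetCleanedItem("type"))%>');`, which stays correct regardless of the cleaning rules. The same JS-string context applies to `objectId: '<%=Request.GetCleanedItem("objectId")%>'` in the umbracoField.aspx hunk and to the `currentId`/`serviceUrl` pair in the sort.aspx hunk. The surrounding script function starts before this hunk.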
+++ b/src/Umbraco.Web.UI/umbraco/dialogs/insertMacro.aspx
@@ -1,5 +1,6 @@ <%@ Page Language="c#" MasterPageFile="../masterpages/umbracoPage.Master" ValidateRequest="false" Codebehind="insertMacro.aspx.cs" AutoEventWireup="True" Inherits="umbraco.dialogs.insertMacro" Trace="false" %> +<%@ Import Namespace="Umbraco.Web" %> <%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %>
@@ -72,8 +73,8 @@ <%if (Request["macroID"] != null || Request["macroAlias"] != null) {%> - " /> - " /> + " /> + " />
@@ -81,9 +82,9 @@

- " onclick="updateMacro()" /> + " onclick="updateMacro()" />   or   - <%=umbraco.ui.Text("general", "cancel", this.getUser())%> + <%=umbraco.ui.Text("general", "cancel", UmbracoUser)%>

<%} else {%> @@ -93,9 +94,9 @@

- " /> + " />   or   - <%=umbraco.ui.Text("general", "cancel", this.getUser())%> + <%=umbraco.ui.Text("general", "cancel", UmbracoUser)%>

<%}%>
diff --git a/src/Umbraco.Web.UI/umbraco/dialogs/moveOrCopy.aspx b/src/Umbraco.Web.UI/umbraco/dialogs/moveOrCopy.aspx
index ea5cef2a8a..683b940f99 100644
--- a/src/Umbraco.Web.UI/umbraco/dialogs/moveOrCopy.aspx
+++ b/src/Umbraco.Web.UI/umbraco/dialogs/moveOrCopy.aspx
@@ -1,5 +1,6 @@ <%@ Page Language="c#" CodeBehind="moveOrCopy.aspx.cs" MasterPageFile="../masterpages/umbracoDialog.Master" AutoEventWireup="True" Inherits="Umbraco.Web.UI.Umbraco.Dialogs.MoveOrCopy" %> <%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %> +<%@ Import Namespace="Umbraco.Web" %> <%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %> <%@ Register Src="../controls/Tree/TreeControl.ascx" TagName="TreeControl" TagPrefix="umbraco" %>
@@ -13,11 +14,11 @@ // Get node name by xmlrequest if (id > 0) - umbraco.presentation.webservices.CMSNode.GetNodeName('<%=umbraco.BasePages.BasePage.umbracoUserContextID%>', id, updateName); + umbraco.presentation.webservices.CMSNode.GetNodeName('<%=umbracoUserContextID%>', id, updateName); else{ - //document.getElementById("pageNameContent").innerHTML = "'<%=umbraco.ui.Text(umbraco.helper.Request("app"))%>' <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>"; + //document.getElementById("pageNameContent").innerHTML = "'<%=umbraco.ui.Text(Request.GetCleanedItem("app"))%>' <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>"; - jQuery("#pageNameContent").html("<%=umbraco.ui.Text(umbraco.helper.Request("app"))%> <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>"); + jQuery("#pageNameContent").html("<%=umbraco.ui.Text(Request.GetCleanedItem("app"))%> <%= umbraco.ui.Text("moveOrCopy","nodeSelected") %>"); jQuery("#pageNameHolder").attr("class","success"); } }
@@ -58,7 +59,7 @@ -
@@ -84,8 +85,8 @@
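Review bot: In the changed `jQuery("#pageNameContent").html(...)` line the result of `umbraco.ui.Text(Request.GetCleanedItem("app"))` is written into a JavaScript double-quoted string and then rendered as HTML by `.html()`, so two output contexts apply and the fix rests entirely on what GetCleanedItem removes, which this hunk does not show. If `ui.Text` can return the lookup key itself for an unknown key (not visible here), wrapping the expression in `HttpUtility.JavaScriptStringEncode(...)` and switching to `.text(...)` where the localized strings carry no markup would cover both contexts independently of the cleaning rules. The `//document.getElementById(...)` line above it is commented-out code that was patched along with the live line; deleting it would be simpler than keeping it in sync. The enclosing function starts before this hunk.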

  - <%=umbraco.ui.Text("general", "or", this.getUser())%>   - <%=umbraco.ui.Text("general", "cancel", this.getUser())%> + <%=umbraco.ui.Text("general", "or", UmbracoUser)%>   + <%=umbraco.ui.Text("general", "cancel", UmbracoUser)%>

diff --git a/src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx b/src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx
index 430b1578fd..76db9b819f 100644
--- a/src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx
+++ b/src/Umbraco.Web.UI/umbraco/dialogs/sort.aspx
@@ -2,6 +2,7 @@ <%@ Import Namespace="System.Globalization" %> <%@ Import Namespace="Umbraco.Core.IO" %> +<%@ Import Namespace="Umbraco.Web" %> <%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %> <%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %>
@@ -57,7 +58,7 @@

" /> - or <%=umbraco.ui.Text("general", "cancel", this.getUser())%> + or <%=umbraco.ui.Text("general", "cancel", UmbracoUser)%>

@@ -69,8 +70,8 @@ submitButton: jQuery("#submitButton"), closeWindowButton : jQuery("#closeWindowButton"), dateTimeFormat: "<%=CultureInfo.CurrentCulture.DateTimeFormat.ShortDatePattern%> <%=CultureInfo.CurrentCulture.DateTimeFormat.ShortTimePattern%>", - currentId: "<%=umbraco.helper.Request("ID")%>", - serviceUrl: "<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco)%>/WebServices/NodeSorter.asmx/UpdateSortOrder?app=<%=umbraco.helper.Request("app")%>" + currentId: "<%=Request.GetCleanedItem("ID")%>", + serviceUrl: "<%= IOHelper.ResolveUrl(SystemDirectories.Umbraco)%>/WebServices/NodeSorter.asmx/UpdateSortOrder?app=<%=Request.GetCleanedItem("app")%>" }); sortDialog.init();
diff --git a/src/Umbraco.Web.UI/umbraco/dialogs/umbracoField.aspx b/src/Umbraco.Web.UI/umbraco/dialogs/umbracoField.aspx
index 596d8df017..9df80dd370 100644
--- a/src/Umbraco.Web.UI/umbraco/dialogs/umbracoField.aspx
+++ b/src/Umbraco.Web.UI/umbraco/dialogs/umbracoField.aspx
@@ -1,6 +1,7 @@ <%@ Page Language="c#" MasterPageFile="../masterpages/umbracoDialog.Master" CodeBehind="umbracoField.aspx.cs" AutoEventWireup="True" Inherits="umbraco.dialogs.umbracoField" %> +<%@ Import Namespace="Umbraco.Web" %> <%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %> <%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %>
@@ -24,7 +25,7 @@ submitButton: $("#submitButton"), form: document.forms[0], tagName: document.forms[0].<%= tagName.ClientID %>.value, - objectId: '<%=umbraco.helper.Request("objectId")%>' + objectId: '<%=Request.GetCleanedItem("objectId")%>' }); umbracoField.init(); });
@@ -126,5 +127,5 @@
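Review bot: In the changed `serviceUrl:` line the cleaned `app` value is concatenated into a query string with no URL encoding, so any character GetCleanedItem leaves in place reaches the `UpdateSortOrder` URL unescaped; `HttpUtility.UrlEncode(Request.GetCleanedItem("app"))` is the encoding that fits that position. `currentId` on the line above looks like a numeric node id (inferred from the name and the sorter service, not shown here), so parsing it with `int.TryParse` in the code-behind and emitting the integer would take the raw string out of the JavaScript literal altogether. The `sortDialog` initialiser this object literal belongs to starts before the hunk.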
" />   or   - <%=umbraco.ui.Text("general", "cancel", this.getUser())%> + <%=umbraco.ui.Text("general", "cancel", UmbracoUser)%>
diff --git a/src/Umbraco.Web.UI/umbraco/plugins/tinymce3/insertMacro.aspx b/src/Umbraco.Web.UI/umbraco/plugins/tinymce3/insertMacro.aspx
index ca3e9f2bcd..0e935b4ed5 100644
--- a/src/Umbraco.Web.UI/umbraco/plugins/tinymce3/insertMacro.aspx
+++ b/src/Umbraco.Web.UI/umbraco/plugins/tinymce3/insertMacro.aspx
@@ -1,6 +1,7 @@ <%@ Page Language="c#" ValidateRequest="false" CodeBehind="insertMacro.aspx.cs" AutoEventWireup="True" Inherits="umbraco.presentation.tinymce3.insertMacro" Trace="false" %> +<%@ Import Namespace="Umbraco.Web" %> <%@ Register TagPrefix="ui" Namespace="umbraco.uicontrols" Assembly="controls" %> <%@ Register TagPrefix="umb" Namespace="ClientDependency.Core.Controls" Assembly="ClientDependency.Core" %> <%@ Register TagPrefix="asp" Namespace="System.Web.UI" Assembly="System.Web" %>
@@ -105,8 +106,8 @@ " /> <%if (Request["umb_macroID"] != null || Request["umb_macroAlias"] != null) {%> - " /> - " /> + " /> + " /> <% }%>
@@ -118,7 +119,7 @@ or - <%=umbraco.ui.Text("general", "cancel", this.getUser())%> + <%=umbraco.ui.Text("general", "cancel", UmbracoUser)%>

@@ -128,16 +129,16 @@

- " /> + " /> or - <%=umbraco.ui.Text("general", "cancel", this.getUser())%> + <%=umbraco.ui.Text("general", "cancel", UmbracoUser)%>

-