Merge pull request #3818 from umbraco/temp7-268-xss-xslt

Fixing XSS issue with Xslt files.
2018-12-17 15:20:36 +11:00
parent 518f5137e6 ae8e20546f
commit fde64f157c
4 changed files with 6 additions and 4 deletions
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/XsltTasks.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/XsltTasks.cs
@@ -28,7 +28,7 @@ namespace umbraco
            IOHelper.EnsureFileExists(Path.Combine(IOHelper.MapPath(SystemDirectories.Xslt), "web.config"), Files.BlockingWebConfig);

            var template = Alias.Substring(0, Alias.IndexOf("|||"));
-            var fileName = Alias.Substring(Alias.IndexOf("|||") + 3, Alias.Length - Alias.IndexOf("|||") - 3).Replace(" ", "");
+            var fileName = Alias.Substring(Alias.IndexOf("|||") + 3, Alias.Length - Alias.IndexOf("|||") - 3);
            if (fileName.ToLowerInvariant().EndsWith(".xslt") == false)
                fileName += ".xslt";
            var xsltTemplateSource = IOHelper.MapPath(SystemDirectories.Umbraco + "/xslt/templates/" + template);
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/create/xslt.ascx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/create/xslt.ascx.cs
@@ -66,7 +66,7 @@ namespace umbraco.presentation.create
                    BasePage.Current.getUser(),
                    helper.Request("nodeType"),
                    createMacroVal,
-                    xsltName + "|||" + rename.Text);
+                    xsltName + "|||" + rename.Text.CleanForXss());

                BasePage.Current.ClientTools
                    .ChangeContentFrameUrl(returnUrl)
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Xslt/editXslt.aspx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Xslt/editXslt.aspx.cs
@@ -97,7 +97,7 @@ namespace umbraco.cms.presentation.developer


 			// Add source and filename
-			var file = IOHelper.MapPath(SystemDirectories.Xslt + "/" + Request.QueryString["file"]);
+			var file = IOHelper.MapPath(SystemDirectories.Xslt + "/" + Request.QueryString["file"].CleanForXss().Replace(" ", ""));

 			// validate file
 			IOHelper.ValidateEditPath(file, SystemDirectories.Xslt);
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs
@@ -61,6 +61,8 @@ namespace umbraco.presentation.webservices
        [WebMethod]
        public string SaveXslt(string fileName, string oldName, string fileContents, bool ignoreDebugging)
        {
+            fileName = fileName.CleanForXss();
+
            if (AuthorizeRequest(DefaultApps.developer.ToString()))
            {
                IOHelper.EnsurePathExists(SystemDirectories.Xslt);
@@ -448,4 +450,4 @@ namespace umbraco.presentation.webservices
        }

    }
-}
+}