XSS patches (oembed, dupes)
parent
22b978a12b
commit
1c10eefd0d
@ -4005,7 +4005,7 @@ CHV.fn.uploader = {
JSONresponse.error.message = "Database error";
}
JSONresponse.error.message =
CHV.fn.uploader.files[id].name.truncate_middle() +
PF.fn.htmlEncode(CHV.fn.uploader.files[id].name.truncate_middle()) +
" - " +
JSONresponse.error.message;
}
@ -4038,7 +4038,7 @@ CHV.fn.uploader = {
status_code: err_handle.status,
error: {
message:
CHV.fn.uploader.files[id].name.truncate_middle() +
PF.fn.htmlEncode(CHV.fn.uploader.files[id].name.truncate_middle()) +
" - Server error (" +
err_handle.statusText +
")",
@ -4309,12 +4309,12 @@ CHV.fn.fillEmbedCodes = function (elements, parent, fn) {
template = template.replace(
new RegExp("%" + i.toUpperCase() + "%", "g"),
flatten_image[i]
PF.fn.htmlEncode(PF.fn.htmlEncode(flatten_image[i]))
);
}
$embed[fn](
$embed.val() +
$embed.html() +
template +
($embed.data("size") == "thumb" ? " " : "\n")
);
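Review bot: The filename is now HTML-encoded, but the remainder of each message is still raw: `JSONresponse.error.message` in the hunk at 4005 and `err_handle.statusText` in the hunk at 4038 are server-supplied strings concatenated into the same message, so if that message is later inserted as HTML the encoding covers only the filename part; wrapping those two in `PF.fn.htmlEncode(...)` as well, or writing the whole message with a text setter at the sink, would close that gap (where the message is rendered is outside these hunks). In fillEmbedCodes, `PF.fn.htmlEncode(PF.fn.htmlEncode(flatten_image[i]))` encodes twice whichever setter `fn` names, which is correct only when the element is written with an HTML setter and read back as text; a value-style target would receive `&amp;amp;` for an ampersand, so the assumption deserves a comment such as `// encoded twice: once for the attribute inside the embed snippet, once because the snippet is inserted as HTML for display`.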
@ -15,6 +15,8 @@
--------------------------------------------------------------------- */
use function G\safe_html;
$route = function ($handler) {
try {
if ($handler->isRequestLevel(2)) {
@ -54,17 +56,17 @@ $route = function ($handler) {
$data = [
'version' => '1.0',
'type' => 'photo',
'provider_name' => CHV\Settings::get('website_name'),
'provider_name' => safe_html(CHV\Settings::get('website_name')),
'provider_url' => G\get_base_url(),
'title' => $image['title'],
'url' => $image['url_viewer'],
'title' => safe_html($image['title']),
'url' => $image['display_url'],
'web_page' => $image['url_viewer'],
'width' => $image['width'],
'height' => $image['height'],
];
if ($image['user']) {
if (isset($image['user'])) {
$data = array_merge($data, [
'author_name' => $image['user']['username'],
'author_name' => safe_html($image['user']['username']),
'author_url' => $image['user']['url'],
]);
}
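Review bot: Applying `safe_html()` to `provider_name`, `title` and `author_name` bakes HTML entities into data this route serializes as JSON and XML, so a JSON consumer that already renders text safely will display `&amp;` literally, while `provider_url`, `url`, `web_page` and `author_url` in the same array stay unescaped and would still need escaping in an XML document. Escaping belongs at the output step — `htmlspecialchars($v, ENT_QUOTES | ENT_XML1, 'UTF-8')` when the XML is built, and nothing for `json_encode` — rather than inside `$data`; how the two formats are emitted is outside this hunk, so that is where to check. The `$route` closure begins in the hunk at line 15 and ends outside what is shown.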
@ -142,12 +142,15 @@
echo '<meta name="twitter:' . $k . '" content="' . $v . '">' . "\n";
}
if (function_exists('get_image') and G\is_route('image')) {
if(G\Handler::getVar('oembed')) {
foreach (['json', 'xml'] as $format) {
echo ' <link rel="alternate" type="application/'.$format.'+oembed" href="'
. G\get_base_url('oembed/?url='.urlencode(get_image()['url_viewer']).'&format='. $format)
. '" title="'.get_safe_html_doctitle()['title'].'">' . "\n";
} ?>
. G\get_base_url('oembed/?url='.urlencode(G\Handler::getVar('oembed')['url']).'&format='. $format)
. '" title="'.G\Handler::getVar('oembed')['title'].'">' . "\n";
}
}
if (function_exists('get_image') and G\is_route('image')) { ?>
<link rel="image_src" href="<?php echo get_image()['url']; ?>">
<?php
}
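Review bot: The `title="..."` attribute of the new `<link rel="alternate">` trusts `G\Handler::getVar('oembed')['title']` to arrive already escaped from app/web.php, and the `href` is written with a bare `&format=` separator; escaping at the echo is more robust than relying on the producer, e.g. `. '" title="' . htmlspecialchars(G\Handler::getVar('oembed')['title'], ENT_QUOTES, 'UTF-8') . '">' . "\n";` with `'&amp;format='` in the URL. The `if (function_exists('get_image') and G\is_route('image'))` block that the context lines show begins before the hunk, and `get_image()['url']` in the `image_src` link is still echoed without escaping, though that line is not new here.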
@ -24,7 +24,7 @@ $embed_tpl = [
'options' => [
'html-embed' => [
'label' => _s('HTML image'),
'template' => '<img src="%URL%" alt="%TITLE%" border="0">',
'template' => '<img src="%URL%" alt="%FILENAME%" border="0">',
'size' => 'full',
],
'html-embed-full' => [
21
app/web.php
21
app/web.php
@ -490,19 +490,34 @@ try {
// Maintenance mode + Consent screen
if ($handler::getCond('maintenance') || $handler::getCond('show_consent_screen')) {
$handler::setCond('private_gate', true);
$allowed_requests = ['login', 'account', 'connect', 'recaptcha-verify'];
$allowed_requests = ['login', 'account', 'connect', 'recaptcha-verify', 'oembed'];
if (!in_array($handler->request_array[0], $allowed_requests)) {
$handler->preventRoute($handler::getCond('show_consent_screen') ? 'consent-screen' : 'maintenance');
}
}
if($handler->request_array[0] == getSetting('route_image')) {
$id = getIdFromURLComponent($handler->request[0]);
if ($id !== false) {
$image = Image::getSingle($id, false, true, $handler::getVar('logged_user'));
$userNotBanned = isset($image['user']['status'])
? $image['user']['status'] != 'banned'
: true;
if ($image && $image['is_approved'] && $userNotBanned && !in_array($image['album']['privacy'], array('private', 'custom'))) {
$image_safe_html = G\safe_html($image);
$handler::setVar('oembed', [
'title' => ($image_safe_html['title'] ?? ($image_safe_html['name'] . '.' . $image['extension'])) . ' hosted at ' . getSetting('website_name'),
'url' => $image['url_viewer']
]);
}
}
}
// Inject system notices
$handler::setVar('system_notices', Login::isAdmin() ? getSystemNotices() : null);
if (!in_array($handler->request_array[0], ['login', 'signup', 'account', 'connect', 'logout', 'json', 'api', 'recaptcha-verify'])) {
$_SESSION['last_url'] = G\get_current_url();
}
if (!isset($_SESSION['is_mobile_device']) || 2 > 1) {
if (!isset($_SESSION['is_mobile_device'])) {
$_SESSION['is_mobile_device'] = false;
$detect = new Mobile_Detect();
$_SESSION['is_mobile_device'] = $detect->isMobile();
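Review bot: Adding `'oembed'` to `$allowed_requests` lets the oembed route answer while `maintenance` or `show_consent_screen` has raised the `private_gate`, so an image's title, uploader name and URLs stay readable through that endpoint during maintenance; that is acceptable only if the oembed handler repeats the `is_approved`, banned-user and album-privacy checks this hunk applies before `setVar('oembed', ...)`, and since its own lookup is outside the visible hunks it is worth confirming and recording with a comment such as `// oembed is reachable behind the private gate; the route must enforce image visibility itself`. On the title line, `$image_safe_html['title']` is escaped but the appended `getSetting('website_name')` is not, whereas the oembed route wraps the same setting in `safe_html()`; either escape it here as well or, better, escape the whole string where the theme echoes it into the `title` attribute. `in_array($image['album']['privacy'], array('private', 'custom'))` should pass `true` as the third argument and use `['private', 'custom']`, and `$image['album']['privacy']` will emit a warning when `$image['album']` is null, which the `$image &&` guard does not cover.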