github
/
chevereto-free
mirror of https://github.com/rodber/chevereto-free
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

XSS patches (oembed, dupes)

pull/97/head
Rodolfo Berrios 2021-09-01 13:20:02 -04:00
parent 22b978a12b
commit 1c10eefd0d
No known key found for this signature in database
GPG Key ID: D3AAC2481DBDD9FE
6 changed files with 40 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
app/lib/chevereto.js
View File

@ -4005,7 +4005,7 @@ CHV.fn.uploader = {
JSONresponse.error.message = "Database error"; JSONresponse.error.message = "Database error";
} }
JSONresponse.error.message = JSONresponse.error.message =
CHV.fn.uploader.files[id].name.truncate_middle() + PF.fn.htmlEncode(CHV.fn.uploader.files[id].name.truncate_middle()) +
" - " + " - " +
JSONresponse.error.message; JSONresponse.error.message;
} }
@ -4038,7 +4038,7 @@ CHV.fn.uploader = {
status_code: err_handle.status, status_code: err_handle.status,
error: { error: {
message: message:
CHV.fn.uploader.files[id].name.truncate_middle() + PF.fn.htmlEncode(CHV.fn.uploader.files[id].name.truncate_middle()) +
" - Server error (" + " - Server error (" +
err_handle.statusText + err_handle.statusText +
")", ")",
@ -4309,12 +4309,12 @@ CHV.fn.fillEmbedCodes = function (elements, parent, fn) {
template = template.replace( template = template.replace(
new RegExp("%" + i.toUpperCase() + "%", "g"), new RegExp("%" + i.toUpperCase() + "%", "g"),
flatten_image[i] PF.fn.htmlEncode(PF.fn.htmlEncode(flatten_image[i]))
); );
} }
$embed[fn]( $embed[fn](
$embed.val() + $embed.html() +
template + template +
($embed.data("size") == "thumb" ? " " : "\n") ($embed.data("size") == "thumb" ? " " : "\n")
); );

4
app/lib/chevereto.min.js vendored
View File

File diff suppressed because one or more lines are too long

14
app/routes/route.oembed.php
View File

@ -15,6 +15,8 @@
--------------------------------------------------------------------- */ --------------------------------------------------------------------- */
use function G\safe_html;
$route = function ($handler) { $route = function ($handler) {
try { try {
if ($handler->isRequestLevel(2)) { if ($handler->isRequestLevel(2)) {
@ -54,17 +56,17 @@ $route = function ($handler) {
$data = [ $data = [
'version' => '1.0', 'version' => '1.0',
'type' => 'photo', 'type' => 'photo',
'provider_name' => CHV\Settings::get('website_name'), 'provider_name' => safe_html(CHV\Settings::get('website_name')),
'provider_url' => G\get_base_url(), 'provider_url' => G\get_base_url(),
'title' => $image['title'], 'title' => safe_html($image['title']),
'url' => $image['display_url'],
'url' => $image['url_viewer'], 'web_page' => $image['url_viewer'],
'width' => $image['width'], 'width' => $image['width'],
'height' => $image['height'], 'height' => $image['height'],
]; ];
if ($image['user']) { if (isset($image['user'])) {
$data = array_merge($data, [ $data = array_merge($data, [
'author_name' => $image['user']['username'], 'author_name' => safe_html($image['user']['username']),
'author_url' => $image['user']['url'], 'author_url' => $image['user']['url'],
]); ]);
} }

11
app/themes/Peafowl/head.php
View File

@ -142,12 +142,15 @@
echo '<meta name="twitter:' . $k . '" content="' . $v . '">' . "\n"; echo '<meta name="twitter:' . $k . '" content="' . $v . '">' . "\n";
} }
if (function_exists('get_image') and G\is_route('image')) { if(G\Handler::getVar('oembed')) {
foreach (['json', 'xml'] as $format) { foreach (['json', 'xml'] as $format) {
echo ' <link rel="alternate" type="application/'.$format.'+oembed" href="' echo ' <link rel="alternate" type="application/'.$format.'+oembed" href="'
. G\get_base_url('oembed/?url='.urlencode(get_image()['url_viewer']).'&format='. $format) . G\get_base_url('oembed/?url='.urlencode(G\Handler::getVar('oembed')['url']).'&format='. $format)
. '" title="'.get_safe_html_doctitle()['title'].'">' . "\n"; . '" title="'.G\Handler::getVar('oembed')['title'].'">' . "\n";
} ?> }
}
if (function_exists('get_image') and G\is_route('image')) { ?>
<link rel="image_src" href="<?php echo get_image()['url']; ?>"> <link rel="image_src" href="<?php echo get_image()['url']; ?>">
<?php <?php
} }

2
app/themes/Peafowl/snippets/embed.php
View File

@ -24,7 +24,7 @@ $embed_tpl = [
'options' => [ 'options' => [
'html-embed' => [ 'html-embed' => [
'label' => _s('HTML image'), 'label' => _s('HTML image'),
'template' => '<img src="%URL%" alt="%TITLE%" border="0">', 'template' => '<img src="%URL%" alt="%FILENAME%" border="0">',
'size' => 'full', 'size' => 'full',
], ],
'html-embed-full' => [ 'html-embed-full' => [

21
app/web.php
View File

@ -490,19 +490,34 @@ try {
// Maintenance mode + Consent screen // Maintenance mode + Consent screen
if ($handler::getCond('maintenance') || $handler::getCond('show_consent_screen')) { if ($handler::getCond('maintenance') || $handler::getCond('show_consent_screen')) {
$handler::setCond('private_gate', true); $handler::setCond('private_gate', true);
$allowed_requests = ['login', 'account', 'connect', 'recaptcha-verify']; $allowed_requests = ['login', 'account', 'connect', 'recaptcha-verify', 'oembed'];
if (!in_array($handler->request_array[0], $allowed_requests)) { if (!in_array($handler->request_array[0], $allowed_requests)) {
$handler->preventRoute($handler::getCond('show_consent_screen') ? 'consent-screen' : 'maintenance'); $handler->preventRoute($handler::getCond('show_consent_screen') ? 'consent-screen' : 'maintenance');
} }
} }
if($handler->request_array[0] == getSetting('route_image')) {
$id = getIdFromURLComponent($handler->request[0]);
if ($id !== false) {
$image = Image::getSingle($id, false, true, $handler::getVar('logged_user'));
$userNotBanned = isset($image['user']['status'])
? $image['user']['status'] != 'banned'
: true;
if ($image && $image['is_approved'] && $userNotBanned && !in_array($image['album']['privacy'], array('private', 'custom'))) {
$image_safe_html = G\safe_html($image);
$handler::setVar('oembed', [
'title' => ($image_safe_html['title'] ?? ($image_safe_html['name'] . '.' . $image['extension'])) . ' hosted at ' . getSetting('website_name'),
'url' => $image['url_viewer']
]);
}
}
}
// Inject system notices // Inject system notices
$handler::setVar('system_notices', Login::isAdmin() ? getSystemNotices() : null); $handler::setVar('system_notices', Login::isAdmin() ? getSystemNotices() : null);
if (!in_array($handler->request_array[0], ['login', 'signup', 'account', 'connect', 'logout', 'json', 'api', 'recaptcha-verify'])) { if (!in_array($handler->request_array[0], ['login', 'signup', 'account', 'connect', 'logout', 'json', 'api', 'recaptcha-verify'])) {
$_SESSION['last_url'] = G\get_current_url(); $_SESSION['last_url'] = G\get_current_url();
} }
if (!isset($_SESSION['is_mobile_device']) || 2 > 1) { if (!isset($_SESSION['is_mobile_device'])) {
$_SESSION['is_mobile_device'] = false; $_SESSION['is_mobile_device'] = false;
$detect = new Mobile_Detect(); $detect = new Mobile_Detect();
$_SESSION['is_mobile_device'] = $detect->isMobile(); $_SESSION['is_mobile_device'] = $detect->isMobile();