Merge pull request #2439 from mnoorenberghe/plugin_xss

Plugin.php: XSS and directory traversal fixes; Enable CSP script-src
Andrew Bauer 2019-01-24 07:32:57 -06:00 committed by GitHub
commit 03590226ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 5 deletions


@ -55,6 +55,7 @@ function CSPHeaders($view, $nonce) {
case 'log': case 'log':
case 'logout': case 'logout':
case 'options': case 'options':
case 'plugin':
case 'privacy': case 'privacy':
case 'storage': case 'storage':
case 'version': { case 'version': {
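Review bot: Adding `case 'plugin':` to this list puts the plugin view under the same script-src policy as the other listed views (presumably nonce-based, given the `$nonce` parameter on the signature), so any inline event handler that remains in plugin.php will be blocked; the policy itself is built outside this hunk, and CSPHeaders starts before it. The plugin.php section of this same commit drops `onclick="return saveChanges( this )"` from the Save button, yet the diffstat lists only two changed files and no JavaScript, so confirm that `saveChanges` is already bound to `#submitBtn` through an event listener elsewhere; otherwise the Save button loses that handler once the header is enforced. A one-line comment above the list, such as `// Views served with the restrictive script-src policy; inline handlers are blocked here`, would tell the next person adding a view what the case list means.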


@ -36,7 +36,8 @@ if ( $zid > 0 ) {
return; return;
} }
$monitor = dbFetchMonitor ( $mid ); $monitor = dbFetchMonitor ( $mid );
$plugin = $_REQUEST['pl']; // Only allow certain filename characters (not including a period) to prevent directory traversal.
$plugin = preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl']);
$plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin; $plugin_path = dirname(ZM_PLUGINS_CONFIG_PATH)."/".$plugin;
@ -103,7 +104,7 @@ function pLang($name)
<body> <body>
<div id="page"> <div id="page">
<div id="header"> <div id="header">
<h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo $plugin ?></h2> <h2><?php echo translate('Monitor') ?> <?php echo $monitor['Name'] ?> - <?php echo translate('Zone') ?> <?php echo $newZone['Name'] ?> - <?php echo translate('Plugin') ?> <?php echo validHtmlStr($plugin) ?></h2>
</div> </div>
<div id="content"> <div id="content">
<form name="pluginForm" id="pluginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>"> <form name="pluginForm" id="pluginForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
@ -111,7 +112,7 @@ function pLang($name)
<input type="hidden" name="action" value="plugin"/> <input type="hidden" name="action" value="plugin"/>
<input type="hidden" name="mid" value="<?php echo $mid ?>"/> <input type="hidden" name="mid" value="<?php echo $mid ?>"/>
<input type="hidden" name="zid" value="<?php echo $zid ?>"/> <input type="hidden" name="zid" value="<?php echo $zid ?>"/>
<input type="hidden" name="pl" value="<?php echo $plugin ?>"/> <input type="hidden" name="pl" value="<?php echo validHtmlStr($plugin) ?>"/>
<div id="settingsPanel"> <div id="settingsPanel">
<table id="pluginSettings" cellspacing="0"> <table id="pluginSettings" cellspacing="0">
@ -143,8 +144,9 @@ foreach($pluginOptions as $name => $popt)
<?php <?php
} }
?> ?>
</td>
</select> </select>
</td>
<?php <?php
break; break;
case "text": case "text":
@ -158,7 +160,7 @@ foreach($pluginOptions as $name => $popt)
?> ?>
</tbody> </tbody>
</table> </table>
<input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" onclick="return saveChanges( this )"<?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/> <input type="submit" id="submitBtn" name="submitBtn" value="<?php echo translate('Save') ?>" <?php if (!canEdit( 'Monitors' ) || (false && $selfIntersecting)) { ?> disabled="disabled"<?php } ?>/>
<input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/> <input type="button" value="<?php echo translate('Cancel') ?>" data-on-click="closeWindow"/>
</div> </div>
</form> </form>
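Review bot: The new `preg_replace('/[^-a-zA-Z0-9]/', '', $_REQUEST['pl'])` in the first hunk sanitises rather than validates: a missing `pl` parameter raises an undefined-index notice and an empty or fully-stripped value leaves `$plugin_path` equal to `dirname(ZM_PLUGINS_CONFIG_PATH)."/"`, the plugins directory itself, which whatever consumes `$plugin_path` after this hunk (that code is outside the visible lines) may not expect. Rejecting anything that does not already match the allow-list is simpler to reason about and mirrors the early `return;` this file already uses for a bad zone id: `$plugin = $_REQUEST['pl'] ?? '';` followed by `if ( !preg_match('/^[-a-zA-Z0-9]+$/', $plugin) ) { return; }`. The class also excludes `_`, so any existing plugin name containing an underscore would be silently altered rather than refused; confirm that matches the installed plugin names. The first hunk is truncated after `$plugin_path`, so the later use of the value could not be checked here.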