SF.net SVN: postfixadmin:[1330] branches/postfixadmin-2.3
From: <chr...@us...> - 2012-01-11 21:42:26
Revision: 1330 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1330&view=rev Author: christian_boltz Date: 2012-01-11 21:42:19 +0000 (Wed, 11 Jan 2012) Log Message: ----------- More XSS fixes: create-alias.php, edit-alias.php: - fix XSS in error message templates/admin_list-domain.php: - fix XSS (by values stored in the database) in "description" field templates/fetchmail.php: - fix XSS (by values stored in the database) in any field templates/list-virtual.php: - fix XSS (by values stored in the database) in "name" field + CHANGELOG.TXT update Again, thanks to Filippo Cavallarin for pointing out those issues. Modified Paths: -------------- branches/postfixadmin-2.3/CHANGELOG.TXT branches/postfixadmin-2.3/create-alias.php branches/postfixadmin-2.3/edit-alias.php branches/postfixadmin-2.3/templates/admin_list-domain.php branches/postfixadmin-2.3/templates/fetchmail.php branches/postfixadmin-2.3/templates/list-virtual.php Modified: branches/postfixadmin-2.3/CHANGELOG.TXT =================================================================== --- branches/postfixadmin-2.3/CHANGELOG.TXT 2012-01-11 18:45:10 UTC (rev 1329) +++ branches/postfixadmin-2.3/CHANGELOG.TXT 2012-01-11 21:42:19 UTC (rev 1330) 
@@ -21,6 +21,9 @@ contain malicious SQL. Double-check before using them! - fix XSS with $_GET[domain] in templates/menu.php and edit-vacation - fix XSS in some create-domain input fields + - fix XSS in create-alias and edit-alias error message + - fix XSS (by values stored in the database) in fetchmail list view, + list-domain and list-virtual - create-domain: fix SQL injection (only exploitable by superadmins) - add missing $LANG['pAdminDelete_admin_error'] - don't mark mailbox targets with recipient delimiter as "forward only" Modified: branches/postfixadmin-2.3/create-alias.php =================================================================== --- branches/postfixadmin-2.3/create-alias.php 2012-01-11 18:45:10 UTC (rev 1329) +++ branches/postfixadmin-2.3/create-alias.php 2012-01-11 21:42:19 UTC (rev 1330) @@ -133,7 +133,7 @@ $error = 1; $tGoto = $goto; if (!empty($tMessage)) $tMessage .= "<br />"; - $tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . "$address</span>"; + $tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . htmlentities($address) . "</span>"; } } Modified: branches/postfixadmin-2.3/edit-alias.php =================================================================== --- branches/postfixadmin-2.3/edit-alias.php 2012-01-11 18:45:10 UTC (rev 1329) +++ branches/postfixadmin-2.3/edit-alias.php 2012-01-11 21:42:19 UTC (rev 1330) @@ -129,7 +129,7 @@ $error = 1; $tGoto = $goto; if (!empty($tMessage)) $tMessage .= "<br />"; - $tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . "$address</span>"; + $tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . htmlentities($address) . "</span>"; } } Modified: branches/postfixadmin-2.3/templates/admin_list-domain.php =================================================================== --- branches/postfixadmin-2.3/templates/admin_list-domain.php 2012-01-11 18:45:10 UTC (rev 1329) +++ branches/postfixadmin-2.3/templates/admin_list-domain.php 2012-01-11 21:42:19 UTC (rev 1330) 
@@ -50,7 +50,7 @@ { print " <tr class=\"hilightoff\" onMouseOver=\"className='hilighton';\" onMouseOut=\"className='hilightoff';\">\n"; print "<td><a href=\"list-virtual.php?domain=" . $domain_properties[$i]['domain'] . "\">" . $domain_properties[$i]['domain'] . "</a></td>"; - print "<td>" . $domain_properties[$i]['description'] . "</td>"; + print "<td>" . htmlentities($domain_properties[$i]['description']) . "</td>"; print "<td>" . $domain_properties[$i]['alias_count'] . " / " . $domain_properties[$i]['aliases'] . "</td>"; print "<td>" . $domain_properties[$i]['mailbox_count'] . " / " . $domain_properties[$i]['mailboxes'] . "</td>"; if ($CONF['quota'] == 'YES') Modified: branches/postfixadmin-2.3/templates/fetchmail.php =================================================================== --- branches/postfixadmin-2.3/templates/fetchmail.php 2012-01-11 18:45:10 UTC (rev 1329) +++ branches/postfixadmin-2.3/templates/fetchmail.php 2012-01-11 21:42:19 UTC (rev 1330) @@ -41,7 +41,7 @@ list($editible,$view,$type)=$fm_struct[$key]; if ($view){ $func="_listview_".$type; - print " <td nowrap>" . (function_exists($func)?$func($val):$val) . "</td>\n"; + print " <td nowrap>" . htmlentities(function_exists($func)?$func($val):$val) . "</td>\n"; } } Modified: branches/postfixadmin-2.3/templates/list-virtual.php =================================================================== --- branches/postfixadmin-2.3/templates/list-virtual.php 2012-01-11 18:45:10 UTC (rev 1329) +++ branches/postfixadmin-2.3/templates/list-virtual.php 2012-01-11 21:42:19 UTC (rev 1330) @@ -314,7 +314,7 @@ } - print " <td>" . $tMailbox[$i]['name'] . "</td>\n"; + print " <td>" . htmlentities($tMailbox[$i]['name']) . "</td>\n"; if ($CONF['quota'] == 'YES') { print " <td>"; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
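Review bot: the two new CHANGELOG lines name the affected views but not the fields, while the commit log is more specific (the "description" field in list-domain, the "name" field in list-virtual, any field in the fetchmail list view). Suggest carrying that detail into the changelog so an administrator reading it can tell which columns were affected without opening the diff.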
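Review bot: in the create-alias.php hunk, htmlentities($address) is called with default flags, which before PHP 5.4 means ENT_COMPAT and ISO-8859-1: single quotes are left unencoded and a UTF-8 address is converted byte by byte into wrong entities. Suggest `htmlspecialchars($address, ENT_QUOTES, 'UTF-8')` (or whatever charset the site actually serves); htmlspecialchars is sufficient to neutralise the value in element content and does not mangle non-ASCII addresses. The dangling `"</span>"` also shows that the opening tag lives inside the $PALANG string; keeping both halves of the markup in the PHP code would make the escaping context visible at the point where the value is inserted.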
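Review bot: the edit-alias.php hunk is a line-for-line copy of the create-alias.php fix, including the identical goto-validation block around it, so the same bug had to be patched twice. Suggest moving the goto-address check and its error message into one shared function so the next fix lands in a single place, and passing explicit ENT_QUOTES and charset arguments to the escaping call in that function rather than relying on the PHP defaults.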
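Review bot: the admin_list-domain.php hunk escapes `description`, but the unchanged line directly above it still prints `$domain_properties[$i]['domain']` raw, once inside the href query string and once as the link text. Even if domain names are validated when they are created, the list view should not depend on that: suggest `urlencode()` for the query parameter and `htmlspecialchars()` for the visible text, so the whole row is escaped consistently instead of one column.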
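Review bot: in the fetchmail.php hunk, htmlentities() now wraps the return value of the `_listview_<type>` helper as well as the raw `$val`. If any of those helpers return markup (a link, a value wrapped in a tag), that markup will now be rendered as literal text; if they all return plain strings the change is correct. Please check the helpers, and where one does emit HTML, escape the raw value inside that helper and leave the call site unescaped for that type. Assigning the ternary result to a local variable before escaping it would also make the intent easier to read than nesting it in the argument list.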
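Review bot: the list-virtual.php hunk is the fourth call site in this commit that wraps a database value in htmlentities() with default flags. Rather than repeating the bare call, suggest a small project-wide escaping helper (name and location are a suggestion; none is visible in this diff) that fixes ENT_QUOTES and the site charset once, and using it here and at the other three sites, so that every template escapes stored values the same way and a later change to the flags needs only one edit.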