[dev] [cvs] commit: ansel edit_dates.php map_edit.php ansel/gallery sort.php ansel/lib Ansel.php Faces.php ansel/lib/Block gallery.php random_photo.php ansel/lib/Tile DateGallery.php Gallery.php ansel/lib/Views Image.php ansel/lib/Widget Actions.php Geodata.php ...
Michael Rubinsky
mrubinsk at horde.org
Sun Jul 12 15:13:03 UTC 2009
Quoting Jan Schneider <jan at horde.org>:
> This opens all kind of XSS holes.
I'm not quite sure I see why. IIRC, these are all image tags whose src
is generated with Ansel::getImageUrl() - which must have a valid image
id or it fails. Even when doing this via the Horde::img() method, the
src attribute is never escaped anyway, so unless I'm missing
something, this is identical to calling Horde::img() in that respect.
I have no problem reverting this back to using Horde::img though, but
will wait for Michael S. to get in on the discussion since this was
done at his request.
>
> Zitat von Michael Rubinsky <mike at theupstairsroom.com>:
>
>> mrubinsk 2009-06-30 11:48:11 EDT
>>
>> Modified files: (Branch: FRAMEWORK_3)
>> . edit_dates.php map_edit.php
>> gallery sort.php
>> lib Ansel.php Faces.php
>> lib/Block gallery.php random_photo.php
>> lib/Tile DateGallery.php Gallery.php
>> lib/Views Image.php
>> lib/Widget Actions.php Geodata.php
>> templates/captions captions.inc
>> templates/image crop_image.inc edit_image.inc
>> preview_cropimage.inc preview_image.inc
>> resize_image.inc
>> templates/rss rss.inc rss2.inc
>> templates/tile image.inc
>> templates/view image.inc
>> Log:
>> MFH: Don't use Horde::img() as a shortcut for generating <img> tags
>>
>> 1.6 +2 -2 ansel/edit_dates.php
>> 1.27 +5 -5 ansel/gallery/sort.php
>> 1.602 +2 -3 ansel/lib/Ansel.php
>> 1.51 +2 -4 ansel/lib/Block/gallery.php
>> 1.37 +2 -3 ansel/lib/Block/random_photo.php
>> 1.26 +4 -5 ansel/lib/Faces.php
>> 1.12 +3 -5 ansel/lib/Tile/DateGallery.php
>> 1.39 +2 -2 ansel/lib/Tile/Gallery.php
>> 1.83 +2 -2 ansel/lib/Views/Image.php
>> 1.51 +2 -2 ansel/lib/Widget/Actions.php
>> 1.37 +2 -2 ansel/lib/Widget/Geodata.php
>> 1.13 +2 -2 ansel/map_edit.php
>> 1.27 +1 -1 ansel/templates/captions/captions.inc
>> 1.11 +1 -1 ansel/templates/image/crop_image.inc
>> 1.54 +1 -1 ansel/templates/image/edit_image.inc
>> 1.5 +1 -1 ansel/templates/image/preview_cropimage.inc
>> 1.29 +1 -1 ansel/templates/image/preview_image.inc
>> 1.10 +1 -1 ansel/templates/image/resize_image.inc
>> 1.4 +1 -1 ansel/templates/rss/rss.inc
>> 1.7 +1 -1 ansel/templates/rss/rss2.inc
>> 1.31 +2 -2 ansel/templates/tile/image.inc
>> 1.96 +10 -13 ansel/templates/view/image.inc
>>
>> Revision Changes Path
>> 1.2.2.5 +2 -2 ansel/edit_dates.php
>> 1.23.2.3 +5 -5 ansel/gallery/sort.php
>> 1.517.2.58 +2 -3 ansel/lib/Ansel.php
>> 1.45.2.6 +2 -4 ansel/lib/Block/gallery.php
>> 1.35.2.2 +2 -3 ansel/lib/Block/random_photo.php
>> 1.18.2.5 +4 -5 ansel/lib/Faces.php
>> 1.7.2.3 +3 -5 ansel/lib/Tile/DateGallery.php
>> 1.36.2.2 +2 -2 ansel/lib/Tile/Gallery.php
>> 1.68.2.13 +2 -2 ansel/lib/Views/Image.php
>> 1.26.2.25 +2 -2 ansel/lib/Widget/Actions.php
>> 1.1.2.22 +2 -2 ansel/lib/Widget/Geodata.php
>> 1.1.2.13 +2 -2 ansel/map_edit.php
>> 1.24.2.1 +1 -1 ansel/templates/captions/captions.inc
>> 1.8.2.1 +1 -1 ansel/templates/image/crop_image.inc
>> 1.51.2.1 +1 -1 ansel/templates/image/edit_image.inc
>> 1.2.2.1 +1 -1 ansel/templates/image/preview_cropimage.inc
>> 1.26.2.1 +1 -1 ansel/templates/image/preview_image.inc
>> 1.7.2.1 +1 -1 ansel/templates/image/resize_image.inc
>> 1.3.2.1 +1 -1 ansel/templates/rss/rss.inc
>> 1.6.2.1 +1 -1 ansel/templates/rss/rss2.inc
>> 1.29.2.1 +2 -2 ansel/templates/tile/image.inc
>> 1.86.2.8 +10 -13 ansel/templates/view/image.inc
>>
>> Chora Links:
>>
>> http://cvs.horde.org/diff.php/ansel/edit_dates.php?rt=horde&r1=1.2.2.4&r2=1.2.2.5&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/gallery/sort.php?rt=horde&r1=1.23.2.2&r2=1.23.2.3&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/lib/Ansel.php?rt=horde&r1=1.517.2.57&r2=1.517.2.58&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/lib/Block/gallery.php?rt=horde&r1=1.45.2.5&r2=1.45.2.6&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/lib/Block/random_photo.php?rt=horde&r1=1.35.2.1&r2=1.35.2.2&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/lib/Faces.php?rt=horde&r1=1.18.2.4&r2=1.18.2.5&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/lib/Tile/DateGallery.php?rt=horde&r1=1.7.2.2&r2=1.7.2.3&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/lib/Tile/Gallery.php?rt=horde&r1=1.36.2.1&r2=1.36.2.2&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/lib/Views/Image.php?rt=horde&r1=1.68.2.12&r2=1.68.2.13&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/lib/Widget/Actions.php?rt=horde&r1=1.26.2.24&r2=1.26.2.25&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/lib/Widget/Geodata.php?rt=horde&r1=1.1.2.21&r2=1.1.2.22&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/map_edit.php?rt=horde&r1=1.1.2.12&r2=1.1.2.13&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/captions/captions.inc?rt=horde&r1=1.24&r2=1.24.2.1&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/image/crop_image.inc?rt=horde&r1=1.8&r2=1.8.2.1&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/image/edit_image.inc?rt=horde&r1=1.51&r2=1.51.2.1&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/image/preview_cropimage.inc?rt=horde&r1=1.2&r2=1.2.2.1&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/image/preview_image.inc?rt=horde&r1=1.26&r2=1.26.2.1&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/image/resize_image.inc?rt=horde&r1=1.7&r2=1.7.2.1&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/rss/rss.inc?rt=horde&r1=1.3&r2=1.3.2.1&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/rss/rss2.inc?rt=horde&r1=1.6&r2=1.6.2.1&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/tile/image.inc?rt=horde&r1=1.29&r2=1.29.2.1&ty=u
>>
>> http://cvs.horde.org/diff.php/ansel/templates/view/image.inc?rt=horde&r1=1.86.2.7&r2=1.86.2.8&ty=u
>>
>> --
>> To unsubscribe, mail: cvs-unsubscribe at lists.horde.org
>>
>
>
>
> Jan.
>
> --
> Do you need professional PHP or Horde consulting?
> http://horde.org/consulting/
>
Thanks,
mike
--
The Horde Project (www.horde.org)
mrubinsk at horde.org
"Time just hates me. That's why it made me an adult." - Josh Joplin
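As an added illustration of the escaping question raised in this thread (this is example code written for this page, not Horde or Ansel code, and the function names, inputs and the attribute set are hypothetical): the risk in hand-building an `<img>` tag is not limited to the `src`. Any attribute whose value comes from user data, such as a caption used for `alt` or `title`, can terminate the attribute and append an event handler unless it is run through `htmlspecialchars()` with `ENT_QUOTES`. The check at the end parses the generated tag with `DOMDocument` and lists the attributes the browser would actually see.

```php
<?php
// Added example, not Horde/Ansel code. Function names and the attribute
// set are hypothetical; the inputs below are constructed for the demo.

// Hand-built tag, as a template might write it: every attribute value is
// dropped in raw. If $title comes from a user-supplied caption, it can
// close the alt="" attribute and add an event handler of its own.
function img_tag_raw(string $src, string $title): string
{
    return '<img src="' . $src . '" alt="' . $title
        . '" title="' . $title . '" />';
}

// Escaped variant: each attribute value goes through htmlspecialchars()
// with ENT_QUOTES so neither " nor ' can end the attribute. The src is
// escaped here as well (a deliberate choice for this example): an
// application-generated URL still needs & encoded to be attribute-safe.
function img_tag_escaped(string $src, string $title): string
{
    $esc = function (string $value): string {
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    };
    return '<img src="' . $esc($src) . '" alt="' . $esc($title)
        . '" title="' . $esc($title) . '" />';
}

// Check: parse the markup the way a browser would and return the names of
// the attributes the <img> element ends up with. Only src, alt and title
// are expected; anything else means the attribute boundary was broken.
function img_attribute_names(string $html): array
{
    $doc = new DOMDocument();
    // Suppress libxml warnings about unescaped & and duplicate attributes
    // in the deliberately broken tag; they do not affect the result.
    @$doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    $img = $doc->getElementsByTagName('img')->item(0);
    $names = [];
    if ($img !== null) {
        foreach ($img->attributes as $attr) {
            $names[] = $attr->name;
        }
    }
    return $names;
}

// Constructed inputs: an application-generated image URL, and a caption an
// attacker set on their own image that breaks out of the alt attribute.
$src   = 'img.php?image=42&view=thumb';
$title = '" onmouseover="alert(document.cookie)';

foreach (['raw' => img_tag_raw($src, $title),
          'escaped' => img_tag_escaped($src, $title)] as $label => $tag) {
    echo $label, ": ", $tag, "\n";
    echo "  attributes seen by the parser: ",
        implode(', ', img_attribute_names($tag)), "\n";
}
```

Run it with `php` on the command line: the raw tag grows an `onmouseover` attribute the author never wrote, while the escaped tag keeps exactly `src`, `alt` and `title`. The same parse-and-list check works as a quick regression test for any template that builds tags by string concatenation.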