[dev] [cvs] commit: ansel edit_dates.php map_edit.php ansel/gallery sort.php ansel/lib Ansel.php Faces.php ansel/lib/Block gallery.php random_photo.php ansel/lib/Tile DateGallery.php Gallery.php ansel/lib/Views Image.php ansel/lib/Widget Actions.php Geodata.php ...
Jan Schneider
jan at horde.org
Sun Jul 12 15:30:45 UTC 2009
Zitat von Michael Rubinsky <mrubinsk at horde.org>:
>
> Quoting Jan Schneider <jan at horde.org>:
>
>> This opens all kind of XSS holes.
>
> I'm not quite sure I see why. IIRC, these are all image tags whose
> src is generated with Ansel::getImageUrl() - which must have a valid
> image id or it fails. Even when doing this via the Horde::img()
> method, the src attribute is never escaped anyway, so unless I'm
> missing something, this is identical to calling Horde::img() in that
> respect.
>
> I have no problem reverting this back to using Horde::img though,
> but will wait for Michael S. to get in on the discussion since this
> was done at his request.
It's not the src attributes but the unescaped alt/title attributes
that partially contain user contributed data.
>> Zitat von Michael Rubinsky <mike at theupstairsroom.com>:
>>
>>> mrubinsk 2009-06-30 11:48:11 EDT
>>>
>>> Modified files: (Branch: FRAMEWORK_3)
>>> . edit_dates.php map_edit.php
>>> gallery sort.php
>>> lib Ansel.php Faces.php
>>> lib/Block gallery.php random_photo.php
>>> lib/Tile DateGallery.php Gallery.php
>>> lib/Views Image.php
>>> lib/Widget Actions.php Geodata.php
>>> templates/captions captions.inc
>>> templates/image crop_image.inc edit_image.inc
>>> preview_cropimage.inc preview_image.inc
>>> resize_image.inc
>>> templates/rss rss.inc rss2.inc
>>> templates/tile image.inc
>>> templates/view image.inc
>>> Log:
>>> MFH: Don't use Horde::img() as a shortcut for generating <img> tags
>>>
>>> 1.6 +2 -2 ansel/edit_dates.php
>>> 1.27 +5 -5 ansel/gallery/sort.php
>>> 1.602 +2 -3 ansel/lib/Ansel.php
>>> 1.51 +2 -4 ansel/lib/Block/gallery.php
>>> 1.37 +2 -3 ansel/lib/Block/random_photo.php
>>> 1.26 +4 -5 ansel/lib/Faces.php
>>> 1.12 +3 -5 ansel/lib/Tile/DateGallery.php
>>> 1.39 +2 -2 ansel/lib/Tile/Gallery.php
>>> 1.83 +2 -2 ansel/lib/Views/Image.php
>>> 1.51 +2 -2 ansel/lib/Widget/Actions.php
>>> 1.37 +2 -2 ansel/lib/Widget/Geodata.php
>>> 1.13 +2 -2 ansel/map_edit.php
>>> 1.27 +1 -1 ansel/templates/captions/captions.inc
>>> 1.11 +1 -1 ansel/templates/image/crop_image.inc
>>> 1.54 +1 -1 ansel/templates/image/edit_image.inc
>>> 1.5 +1 -1 ansel/templates/image/preview_cropimage.inc
>>> 1.29 +1 -1 ansel/templates/image/preview_image.inc
>>> 1.10 +1 -1 ansel/templates/image/resize_image.inc
>>> 1.4 +1 -1 ansel/templates/rss/rss.inc
>>> 1.7 +1 -1 ansel/templates/rss/rss2.inc
>>> 1.31 +2 -2 ansel/templates/tile/image.inc
>>> 1.96 +10 -13 ansel/templates/view/image.inc
>>>
>>> Revision Changes Path
>>> 1.2.2.5 +2 -2 ansel/edit_dates.php
>>> 1.23.2.3 +5 -5 ansel/gallery/sort.php
>>> 1.517.2.58 +2 -3 ansel/lib/Ansel.php
>>> 1.45.2.6 +2 -4 ansel/lib/Block/gallery.php
>>> 1.35.2.2 +2 -3 ansel/lib/Block/random_photo.php
>>> 1.18.2.5 +4 -5 ansel/lib/Faces.php
>>> 1.7.2.3 +3 -5 ansel/lib/Tile/DateGallery.php
>>> 1.36.2.2 +2 -2 ansel/lib/Tile/Gallery.php
>>> 1.68.2.13 +2 -2 ansel/lib/Views/Image.php
>>> 1.26.2.25 +2 -2 ansel/lib/Widget/Actions.php
>>> 1.1.2.22 +2 -2 ansel/lib/Widget/Geodata.php
>>> 1.1.2.13 +2 -2 ansel/map_edit.php
>>> 1.24.2.1 +1 -1 ansel/templates/captions/captions.inc
>>> 1.8.2.1 +1 -1 ansel/templates/image/crop_image.inc
>>> 1.51.2.1 +1 -1 ansel/templates/image/edit_image.inc
>>> 1.2.2.1 +1 -1 ansel/templates/image/preview_cropimage.inc
>>> 1.26.2.1 +1 -1 ansel/templates/image/preview_image.inc
>>> 1.7.2.1 +1 -1 ansel/templates/image/resize_image.inc
>>> 1.3.2.1 +1 -1 ansel/templates/rss/rss.inc
>>> 1.6.2.1 +1 -1 ansel/templates/rss/rss2.inc
>>> 1.29.2.1 +2 -2 ansel/templates/tile/image.inc
>>> 1.86.2.8 +10 -13 ansel/templates/view/image.inc
>>>
>>> Chora Links:
>>>
>>> http://cvs.horde.org/diff.php/ansel/edit_dates.php?rt=horde&r1=1.2.2.4&r2=1.2.2.5&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/gallery/sort.php?rt=horde&r1=1.23.2.2&r2=1.23.2.3&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/lib/Ansel.php?rt=horde&r1=1.517.2.57&r2=1.517.2.58&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/lib/Block/gallery.php?rt=horde&r1=1.45.2.5&r2=1.45.2.6&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/lib/Block/random_photo.php?rt=horde&r1=1.35.2.1&r2=1.35.2.2&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/lib/Faces.php?rt=horde&r1=1.18.2.4&r2=1.18.2.5&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/lib/Tile/DateGallery.php?rt=horde&r1=1.7.2.2&r2=1.7.2.3&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/lib/Tile/Gallery.php?rt=horde&r1=1.36.2.1&r2=1.36.2.2&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/lib/Views/Image.php?rt=horde&r1=1.68.2.12&r2=1.68.2.13&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/lib/Widget/Actions.php?rt=horde&r1=1.26.2.24&r2=1.26.2.25&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/lib/Widget/Geodata.php?rt=horde&r1=1.1.2.21&r2=1.1.2.22&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/map_edit.php?rt=horde&r1=1.1.2.12&r2=1.1.2.13&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/captions/captions.inc?rt=horde&r1=1.24&r2=1.24.2.1&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/image/crop_image.inc?rt=horde&r1=1.8&r2=1.8.2.1&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/image/edit_image.inc?rt=horde&r1=1.51&r2=1.51.2.1&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/image/preview_cropimage.inc?rt=horde&r1=1.2&r2=1.2.2.1&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/image/preview_image.inc?rt=horde&r1=1.26&r2=1.26.2.1&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/image/resize_image.inc?rt=horde&r1=1.7&r2=1.7.2.1&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/rss/rss.inc?rt=horde&r1=1.3&r2=1.3.2.1&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/rss/rss2.inc?rt=horde&r1=1.6&r2=1.6.2.1&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/tile/image.inc?rt=horde&r1=1.29&r2=1.29.2.1&ty=u
>>>
>>> http://cvs.horde.org/diff.php/ansel/templates/view/image.inc?rt=horde&r1=1.86.2.7&r2=1.86.2.8&ty=u
>>>
>>> --
>>> To unsubscribe, mail: cvs-unsubscribe at lists.horde.org
>>>
>>
>>
>>
>> Jan.
>>
>> --
>> Do you need professional PHP or Horde consulting?
>> http://horde.org/consulting/
>>
>
>
>
> Thanks,
> mike
>
> --
> The Horde Project (www.horde.org)
> mrubinsk at horde.org
>
> "Time just hates me. That's why it made me an adult." - Josh Joplin
>
> --
> Horde developers mailing list - Join the hunt: http://horde.org/bounties/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: dev-unsubscribe at lists.horde.org
>
Jan.
--
Do you need professional PHP or Horde consulting?
http://horde.org/consulting/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digitale PGP-Unterschrift
URL: <http://lists.horde.org/archives/dev/attachments/20090712/2235f32f/attachment-0001.bin>
More information about the dev
mailing list