Files » chamilo-1.9.4-vuln-8.patch

Yannick Warnier, 06/03/2013 06:54


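--- a/main/announcements/announcements.php
+++ b/main/announcements/announcements.php
@@ -109,6 +109,8 @@
 	$_SESSION['select_groupusers'] = "hide";
 }
 
+$origin = empty($_GET['origin']) ? '' : Security::remove_XSS($_GET['origin']);
+
 /* 	Action handling */
 
 // display the form
@@ -130,7 +132,7 @@
 
 if(!empty($_GET['toolgroup'])){
 	if($_GET['toolgroup'] == strval(intval($_GET['toolgroup']))){ //check is integer
-		$toolgroup = $_GET['toolgroup'];
+		$toolgroup = intval($_GET['toolgroup']);
 		$_SESSION['select_groupusers'] = 'hide';
 	} else {
 		$toolgroup = 0;
@@ -338,7 +340,7 @@
 	/*
 		Submit announcement
 	*/
-	
+
 	$emailTitle=(!empty($_POST['emailTitle'])?$safe_emailTitle:'');
 	$newContent=(!empty($_POST['newContent'])?$safe_newContent:'');
 
@@ -538,15 +540,15 @@
 if ((api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) and (empty($_GET['origin']) or $_GET['origin'] !== 'learnpath')) {
 	echo '<div class="actions">';
 	if (isset($_GET['action']) && in_array($_GET['action'], array('add', 'modify','view'))) {
-        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM)."</a>";
+        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".$origin."'>".Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM)."</a>";
 	} else {
-	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'',ICON_SIZE_MEDIUM)."</a>";
+	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".$origin."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'',ICON_SIZE_MEDIUM)."</a>";
 	}
 	$show_actions = true;
 } else {
     if (in_array($_GET['action'], array('view'))) {
         echo '<div class="actions">';
-        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM)."</a>";
+        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".$origin."'>".Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM)."</a>";
         echo '</div>';
     }
 }
@@ -941,7 +943,7 @@
             echo '<h2>'.get_lang('Announcements').'</h2>';
             echo Display::return_icon('valves.png', '', array(), 64);
             echo '<div class="controls">';
-            echo Display::url(get_lang('AddAnnouncement'), api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'':$_GET['origin']) , array('class' => 'btn'));
+            echo Display::url(get_lang('AddAnnouncement'), api_get_self()."?".api_get_cidreq()."&action=add&origin=".$origin, array('class' => 'btn'));
             echo '</div>';
             echo '</div>';
         } else {
@@ -1022,7 +1024,7 @@
     					$image_visibility="invisible";
     					$alt_visibility=get_lang('Visible');
     				}
-    				$modify_icons .=  "<a href=\"".api_get_self()."?".api_get_cidreq()."&origin=".(!empty($_GET['origin'])?Security::remove_XSS($_GET['origin']):'')."&action=showhide&id=".$myrow['id']."&sec_token=".$stok."\">".
+    				$modify_icons .=  "<a href=\"".api_get_self()."?".api_get_cidreq()."&origin=".$origin."&action=showhide&id=".$myrow['id']."&sec_token=".$stok."\">".
     						Display::return_icon($image_visibility.'.png', $alt_visibility,'',ICON_SIZE_SMALL)."</a>";
 
     				// DISPLAY MOVE UP COMMAND only if it is not the top announcement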
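Review bot: The new `$origin` at line 112 is passed through `Security::remove_XSS` but is then concatenated into `href` query strings at lines 543, 545, 551, 946 and 1027 without URL encoding, and remove_XSS is an HTML filter, not a URL encoder. The only value this file compares `origin` against is `'learnpath'` (line 540), so a whitelist is tighter than a filter: `$origin = (isset($_GET['origin']) && $_GET['origin'] === 'learnpath') ? 'learnpath' : '';` — if other origin values are legitimately accepted elsewhere in the file, compare against that list instead. Failing that, at least emit `urlencode($origin)` at each interpolation so `&` or `#` in the value cannot split the query string. The `intval()` change at line 135 is the right fix for `toolgroup`.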
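--- a/main/blog/blog.php
+++ b/main/blog/blog.php
@@ -10,9 +10,14 @@
  */
 // name of the language file that needs to be included
 $language_file = "blog";
+require_once '../inc/global.inc.php';
+
 $blog_id = intval($_GET['blog_id']);
 
-require_once '../inc/global.inc.php';
+if (empty($blog_id)) {
+    api_not_allowed(true);
+}
+
 $this_section   = SECTION_COURSES;
 $current_course_tool  = TOOL_BLOGS;
 
@@ -287,7 +292,7 @@
 					<form action="blog.php" method="get" enctype="multipart/form-data">
 						<input type="hidden" name="blog_id" value="<?php echo $blog_id ?>" />
 						<input type="hidden" name="action" value="view_search_result" />
-						<input type="text" size="20" name="q" value="<?php echo (isset($_GET['q']) ? $_GET['q'] : ''); ?>" /><button class="btn search" type="submit"><?php echo get_lang('Search'); ?></button>
+						<input type="text" size="20" name="q" value="<?php echo isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : ''; ?>" /><button class="btn search" type="submit"><?php echo get_lang('Search'); ?></button>
 					</form>
 				</td>
 			</tr>
@@ -302,7 +307,7 @@
 					<?php Blog::get_personal_task_list(); ?>
 				</td>
 			</tr>
-		</table>		
+		</table>
 	</td>
 	<td valign="top" class="blog_right">
 		<?php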
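Review bot: At line 295 `$_GET['q']` is emitted inside a double-quoted `value=""` attribute, where the right control is attribute escaping rather than a generic XSS filter; whether a `"` followed by an event-handler attribute survives depends on what `remove_XSS` happens to strip. Use the same escaping this patch already relies on in chat_chat.php: `value="<?php echo isset($_GET['q']) ? api_htmlentities($_GET['q'], ENT_QUOTES) : ''; ?>"`. Separately, line 15 reads `$_GET['blog_id']` without `isset`, which raises a notice when the parameter is missing; `$blog_id = intval(isset($_GET['blog_id']) ? $_GET['blog_id'] : 0);` keeps the new `empty()` guard at line 17 working unchanged.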
main/chat/chat.php
21 21
} else {
22 22
	$origin = $_SESSION['origin'];
23 23
	$target = $_SESSION['target'];
24
	$_SESSION['origin']=$_GET["origin"];
25
	$_SESSION['target']=$_GET["target"];
24
	$_SESSION['origin']= Security::remove_XSS($_GET["origin"]);
25
	$_SESSION['target']= Security::remove_XSS($_GET["target"]);
26 26
}
27 27

  
28 28
/*  TRACKING */
......
71 71

  
72 72
	$group_properties  = GroupManager :: get_group_properties($_clean['group_id']);
73 73
	$interbreadcrumb[] = array('url' => '../group/group.php', 'name' => get_lang('Groups'));
74
	$interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq='.$_SESSION['_gid'], 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
74
	$interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq='.api_get_group_id(), 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
75 75
	$noPHP_SELF = true;
76 76
	$shortBanner = false;
77 77
	$add_group_to_title = ' ('.$group_properties['name'].')';
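Review bot: Lines 24–25 read `$_GET["origin"]` and `$_GET["target"]` without `isset`, so whenever the parameters are absent the session keys are assigned from an undefined index (with a notice), and after `remove_XSS` they are still free-form strings. Since lines 22–23 copy these session values back into `$origin`/`$target`, presumably for building links, an `isset` guard is the minimum: `$_SESSION['origin'] = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : '';` and the same for `target`; if the accepted values are a known set, compare against it instead of filtering. The `if`/`else` these lines belong to starts above the hunk, so what the other branch stores is not visible here.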
main/chat/chat_chat.php
47 47
	$chat_path = $document_path.$basepath_chat.'/';
48 48

  
49 49
	$TABLEITEMPROPERTY = Database::get_course_table(TABLE_ITEM_PROPERTY);
50
	
50

  
51 51
	$course_id = api_get_course_int_id();
52 52

  
53 53
	if (!is_dir($chat_path)) {
......
75 75
	} else {
76 76
		$filename_chat = 'messages-'.$date_now.'.log.html';
77 77
	}
78
	
78

  
79 79
	if (!file_exists($chat_path.$filename_chat)) {
80 80
		@fclose(fopen($chat_path.$filename_chat, 'w'));
81 81
		if (!api_is_anonymous()) {
......
116 116

  
117 117
		update_existing_document($_course, $doc_id, 0);
118 118
	}
119
	
119

  
120 120
	$remove = 0;
121 121
	$content = array();
122 122
	if (file_exists($chat_path.$basename_chat.'.log.html')) {
......
155 155
	if ($isMaster || $is_courseCoach) {
156 156
		$rand = mt_rand(1, 1000);
157 157
		echo '<div style="margin-left: 5px;">';
158
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&cidReq='.$_GET['cidReq'].'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
158
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&'.api_get_cidreq().'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
159 159
		echo '</div>';
160 160
	}
161 161
} else {
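Review bot: The rebuilt `reset=1` link at line 158 is a state-changing GET that carries only `rand` and the course request string, whereas the equivalent `showhide` link in announcements.php in this same patch carries `&sec_token=`; as written, a course master who follows a crafted link clears the chat log. If the `reset` handler (above the hunk, not visible) does not already validate a token, append the same `sec_token` parameter here, generated the way `$stok` is in announcements.php, and check it before deleting. The `if ($isMaster || $is_courseCoach)` block is complete within the hunk, but the handler for `reset` is not.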
main/chat/chat_hidden.php
75 75
if (file_exists($file)) {
76 76
    $chat_size_new = filesize($file);
77 77
}
78
 
78

  
79 79
$sql = "SELECT user_id FROM $tbl_chat_connected WHERE user_id='".$_user['user_id']."' $extra_condition";
80 80
$result = Database::query($sql);
81 81

  
......
98 98
disconnect_user_of_chat ();
99 99
require 'header_frame.inc.php';
100 100
?>
101
<form name="formHidden" method="post" action="<?php echo api_get_self().'?cidReq='.$_GET['cidReq']; ?>">
101
<form name="formHidden" method="post" action="<?php echo api_get_self().'?'.api_get_cidreq(); ?>">
102 102
<input type="hidden" name="chat_size_old" value="<?php echo $chat_size_new; ?>">
103 103
<input type="hidden" name="connected_old" value="<?php echo $connected_new; ?>">
104 104
</form>
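Review bot: `$chat_size_new` is only assigned inside `if (file_exists($file))` at lines 75–77, yet the hidden input at line 102 echoes it unconditionally; unless it is initialised above the hunk, a missing log file produces an undefined-variable notice and an empty `chat_size_old` is posted back. Initialise it before the check, `$chat_size_new = 0;`, and cast at output, `value="<?php echo (int) $chat_size_new; ?>"`, so the field is always an integer. `$connected_new` at line 103 is set outside the hunk, so I cannot tell whether it needs the same treatment.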
main/chat/chat_message.php
155 155
	$emoticon_img204  = '<img src="'.api_get_path(WEB_IMG_PATH).'smileys/flag_red_small.gif" alt="'.get_lang('Stop').'" title="'.get_lang('Stop').'" />';
156 156

  
157 157
	if ($sent) {
158
		$message = trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset));
158
		$message = Security::remove_XSS(trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset)));
159 159
		$message = str_replace($emoticon_text1, $emoticon_img1, $message);
160 160
		$message = str_replace($emoticon_text2, $emoticon_img2, $message);
161 161
		$message = str_replace($emoticon_text3, $emoticon_img3, $message);
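Review bot: At line 158 `Security::remove_XSS` is applied after `htmlspecialchars(..., ENT_QUOTES, $charset)`, so it runs over an already entity-encoded string: there are no tags left for it to strip, and if the filter decodes entities as part of its normalisation it can alter legitimate escaped text such as `&lt;`. If both steps are wanted, filter the raw input first and escape last: `$message = trim(htmlspecialchars(Security::remove_XSS(stripslashes($_POST['message'])), ENT_QUOTES, $charset));`. The line also reads `$_POST['message']` without `isset`; `$sent` is computed above the hunk, so whether it already guarantees the key exists is not visible here.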
main/chat/header_frame.inc.php
66 66
{
67 67
	if ('<?php echo $chat_size_old; ?>' != '<?php echo $chat_size_new; ?>')
68 68
	{
69
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&cidReq='.$_GET['cidReq']; ?>#bottom';
69
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&'.api_get_cidreq(); ?>#bottom';
70 70
	}
71 71
}
72 72

  
......
87 87
{
88 88
	<?php if($chat_size): ?>
89 89
	parent.chat_hidden.document.formHidden.chat_size_old.value='<?php echo $chat_size; ?>';
90
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&cidReq='.$_GET['cidReq']; ?>#bottom';
90
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&'.api_get_cidreq(); ?>#bottom';
91 91
	<?php endif; ?>
92

  
93 92
	document.formMessage.message.focus();
94 93
}
95 94

  
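Review bot: Lines 69 and 90 now build the URL with `api_get_cidreq()`, but they still drop `$chat_size_new` and `$chat_size` straight into single-quoted JavaScript string literals, and line 67 does the same with `$chat_size_old`, which chat_hidden.php posts back from the browser as a form field; if these values are not cast before reaching this template, a crafted `chat_size_old` closes the quote and injects script. Cast at the point of output, e.g. `'<?php echo (int) $chat_size_old; ?>'` and `size=<?php echo (int) $chat_size_new.'&'.api_get_cidreq(); ?>`, or emit them via `json_encode`. The JavaScript functions these lines sit in start outside the hunk, and where `$chat_size` is computed is not visible here.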