Files » chamilo-1.9.2-vuln-8.patch

Julio Montoya, 08/03/2013 14:57


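--- a/main/announcements/announcements.php
+++ b/main/announcements/announcements.php
@@ -109,4 +109,6 @@
 	$_SESSION['select_groupusers'] = "hide";
 }
+$origin = empty($_GET['origin']) ? '' : Security::remove_XSS($_GET['origin']);
+
 /* 	Action handling */
 // display the form
@@ -130,6 +132,6 @@
 if(!empty($_GET['toolgroup'])){
 	if($_GET['toolgroup'] == strval(intval($_GET['toolgroup']))){ //check is integer
-		$toolgroup = $_GET['toolgroup'];
+		$toolgroup = intval($_GET['toolgroup']);
 		$_SESSION['select_groupusers'] = 'hide';
 	} else {
 		$toolgroup = 0;
@@ -538,15 +540,15 @@
 if ((api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) and (empty($_GET['origin']) or $_GET['origin'] !== 'learnpath')) {
 	echo '<div class="actions">';
 	if (isset($_GET['action']) && in_array($_GET['action'], array('add', 'modify','view'))) {
-        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM)."</a>";
+        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".$origin."'>".Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM)."</a>";
 	} else {
-	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'',ICON_SIZE_MEDIUM)."</a>";
+	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".$origin."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'',ICON_SIZE_MEDIUM)."</a>";
 	}
 	$show_actions = true;
 } else {
     if (in_array($_GET['action'], array('view'))) {
         echo '<div class="actions">';
-        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM)."</a>";
+        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".$origin."'>".Display::return_icon('back.png',get_lang('Back'),'',ICON_SIZE_MEDIUM)."</a>";
         echo '</div>';
     }
 }
@@ -941,7 +943,7 @@
             echo '<h2>'.get_lang('Announcements').'</h2>';
             echo Display::return_icon('valves.png', '', array(), 64);
             echo '<div class="controls">';
-            echo Display::url(get_lang('AddAnnouncement'), api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'':$_GET['origin']) , array('class' => 'btn'));
+            echo Display::url(get_lang('AddAnnouncement'), api_get_self()."?".api_get_cidreq()."&action=add&origin=".$origin, array('class' => 'btn'));
             echo '</div>';
             echo '</div>';
         } else {
@@ -1022,6 +1024,6 @@
     					$image_visibility="invisible";
     					$alt_visibility=get_lang('Visible');
     				}
-    				$modify_icons .=  "<a href=\"".api_get_self()."?".api_get_cidreq()."&origin=".(!empty($_GET['origin'])?Security::remove_XSS($_GET['origin']):'')."&action=showhide&id=".$myrow['id']."&sec_token=".$stok."\">".
+    				$modify_icons .=  "<a href=\"".api_get_self()."?".api_get_cidreq()."&origin=".$origin."&action=showhide&id=".$myrow['id']."&sec_token=".$stok."\">".
     						Display::return_icon($image_visibility.'.png', $alt_visibility,'',ICON_SIZE_SMALL)."</a>";
     				// DISPLAY MOVE UP COMMAND only if it is not the top announcement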
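Review bot: The filtered `$origin` is concatenated straight into the query string of the hrefs built at new lines 543, 545, 551, 946 and 1027, so a value containing `&`, `#` or a quote still reshapes the URL or the surrounding attribute; a markup sanitiser is not a URL encoder. Encode at the point of insertion, `"&origin=".urlencode($origin)`, and treat the filtered variable only as the value. Since the condition at new line 540 only ever compares origin against 'learnpath', an allow-list at new line 111, `$origin = (isset($_GET['origin']) && $_GET['origin'] === 'learnpath') ? 'learnpath' : '';`, would make every later use safe by construction — assuming no other origin value is expected, which this section does not show. The blocks containing new lines 943 and 1027 start outside their hunks.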
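--- a/main/blog/blog.php
+++ b/main/blog/blog.php
@@ -10,7 +10,12 @@
  */
 // name of the language file that needs to be included
 $language_file = "blog";
+require_once '../inc/global.inc.php';
+
 $blog_id = intval($_GET['blog_id']);
-require_once '../inc/global.inc.php';
+if (empty($blog_id)) {
+    api_not_allowed(true);
+}
+
 $this_section   = SECTION_COURSES;
 $current_course_tool  = TOOL_BLOGS;
@@ -287,7 +292,7 @@
 					<form action="blog.php" method="get" enctype="multipart/form-data">
 						<input type="hidden" name="blog_id" value="<?php echo $blog_id ?>" />
 						<input type="hidden" name="action" value="view_search_result" />
-						<input type="text" size="20" name="q" value="<?php echo (isset($_GET['q']) ? $_GET['q'] : ''); ?>" /><button class="btn search" type="submit"><?php echo get_lang('Search'); ?></button>
+						<input type="text" size="20" name="q" value="<?php echo isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : ''; ?>" /><button class="btn search" type="submit"><?php echo get_lang('Search'); ?></button>
 					</form>
 				</td>
 			</tr>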
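Review bot: The search box at new line 295 writes the filtered `q` into a double-quoted `value` attribute, where the context-correct defence is attribute escaping rather than a sanitising filter; unless Security::remove_XSS is known to encode `"`, a quote in `q` still terminates the attribute. `htmlspecialchars($_GET['q'], ENT_QUOTES)` is the escaping for this context and can be applied in place of, or after, the filter. The form markup this hunk belongs to starts and ends outside it.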
main/chat/chat.php
21 21
} else {
22 22
	$origin = $_SESSION['origin'];
23 23
	$target = $_SESSION['target'];
24
	$_SESSION['origin']=$_GET["origin"];
25
	$_SESSION['target']=$_GET["target"];
24
	$_SESSION['origin']= Security::remove_XSS($_GET["origin"]);
25
	$_SESSION['target']= Security::remove_XSS($_GET["target"]);
26 26
}
27 27
/*  TRACKING */
......
71 71
	$group_properties  = GroupManager :: get_group_properties($_clean['group_id']);
72 72
	$interbreadcrumb[] = array('url' => '../group/group.php', 'name' => get_lang('Groups'));
73
	$interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq='.$_SESSION['_gid'], 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
73
	$interbreadcrumb[] = array('url' => '../group/group_space.php?gidReq='.api_get_group_id(), 'name' => get_lang('GroupSpace').' '.$group_properties['name']);
74 74
	$noPHP_SELF = true;
75 75
	$shortBanner = false;
76 76
	$add_group_to_title = ' ('.$group_properties['name'].')';
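Review bot: The two session assignments in the first hunk read `$_GET["origin"]` and `$_GET["target"]` without checking that the parameters exist, so a request lacking them raises undefined-index notices and stores an empty filtered value in the session. `$_SESSION['origin'] = isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : '';` (and the same for target) keeps the filtering and removes the notice. Storing a filtered value still leaves output escaping to whatever later reads `$_SESSION['origin']`, which is outside this hunk; the `else` branch these lines sit in opens before the hunk.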
main/chat/chat_chat.php
155 155
	if ($isMaster || $is_courseCoach) {
156 156
		$rand = mt_rand(1, 1000);
157 157
		echo '<div style="margin-left: 5px;">';
158
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&cidReq='.$_GET['cidReq'].'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
158
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&'.api_get_cidreq().'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
159 159
		echo '</div>';
160 160
	}
161 161
} else {
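Review bot: The rebuilt link at line 158 triggers `reset=1`, a state change, through a plain GET guarded only by a client-side confirm, whereas the announcements file in this same patch protects its showhide action with a `&sec_token=` parameter; the chat reset would benefit from the same server-checked token, appended as `'&sec_token='.$stok` — assuming the token helper used in announcements.php is available here, which this hunk does not show. The `mt_rand` value is only a cache buster and needs no change. The `if` block around these lines is complete inside the hunk, but the enclosing branch continues past it.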
main/chat/chat_hidden.php
98 98
disconnect_user_of_chat ();
99 99
require 'header_frame.inc.php';
100 100
?>
101
<form name="formHidden" method="post" action="<?php echo api_get_self().'?cidReq='.$_GET['cidReq']; ?>">
101
<form name="formHidden" method="post" action="<?php echo api_get_self().'?'.api_get_cidreq(); ?>">
102 102
<input type="hidden" name="chat_size_old" value="<?php echo $chat_size_new; ?>">
103 103
<input type="hidden" name="connected_old" value="<?php echo $connected_new; ?>">
104 104
</form>
main/chat/chat_message.php
155 155
	$emoticon_img204  = '<img src="'.api_get_path(WEB_IMG_PATH).'smileys/flag_red_small.gif" alt="'.get_lang('Stop').'" title="'.get_lang('Stop').'" />';
156 156
	if ($sent) {
157
		$message = trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset));
157
		$message = Security::remove_XSS(trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset)));
158 158
		$message = str_replace($emoticon_text1, $emoticon_img1, $message);
159 159
		$message = str_replace($emoticon_text2, $emoticon_img2, $message);
160 160
		$message = str_replace($emoticon_text3, $emoticon_img3, $message);
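Review bot: At line 157 the message is HTML-escaped with `htmlspecialchars(..., ENT_QUOTES, $charset)` and only then passed through Security::remove_XSS, so the filter runs over already entity-encoded text; unless remove_XSS is known to leave entities untouched, the two steps can interact, and it is clearer to filter the raw input and escape last: `$message = trim(htmlspecialchars(Security::remove_XSS(stripslashes($_POST['message'])), ENT_QUOTES, $charset));`. The unconditional `stripslashes()` also assumes magic_quotes_gpc is on and strips legitimate backslashes otherwise; guarding it with `get_magic_quotes_gpc()` keeps the message intact. The `if ($sent)` block continues past the hunk.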
main/chat/header_frame.inc.php
66 66
{
67 67
	if ('<?php echo $chat_size_old; ?>' != '<?php echo $chat_size_new; ?>')
68 68
	{
69
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&cidReq='.$_GET['cidReq']; ?>#bottom';
69
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&'.api_get_cidreq(); ?>#bottom';
70 70
	}
71 71
}
......
87 87
{
88 88
	<?php if($chat_size): ?>
89 89
	parent.chat_hidden.document.formHidden.chat_size_old.value='<?php echo $chat_size; ?>';
90
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&cidReq='.$_GET['cidReq']; ?>#bottom';
90
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&'.api_get_cidreq(); ?>#bottom';
91 91
	<?php endif; ?>
92

  
93 92
	document.formMessage.message.focus();
94 93
}
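Review bot: The rewritten lines 69 and 90 still interpolate `$chat_size_new` and `$chat_size` directly into a single-quoted JavaScript string literal assigned to `location.href`; if either value can be anything other than an integer (its origin is not visible in these hunks), a `'` would terminate the literal. Casting at the point of use, `<?php echo (int) $chat_size_new.'&'.api_get_cidreq(); ?>` and likewise `(int) $chat_size` at line 90, pins the JavaScript context regardless of where the value came from. The JavaScript functions these lines belong to open before their hunks.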