Files » chamilo-1.8.8.2-vuln-8.patch

Julio Montoya, 11/03/2013 12:25

View differences:

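--- a/main/announcements/announcements.php
+++ b/main/announcements/announcements.php
@@ -32,6 +32,8 @@
 	$_SESSION['id_session'] = intval($_GET['id_session']);
 }
 
+$origin = empty($_GET['origin']) ? '' : Security::remove_XSS($_GET['origin']);
+
 /* ACCESS RIGHTS */
 api_protect_course_script();
 
@@ -809,15 +811,15 @@
 if ((api_is_allowed_to_edit(false,true) OR (api_get_course_setting('allow_user_edit_announcement') && !api_is_anonymous())) and (empty($_GET['origin']) or $_GET['origin'] !== 'learnpath')) {
 	echo '<div class="actions">';
 	if (in_array($_GET['action'], array('add', 'modify','view'))) {
-        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";
+        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$origin)."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";
 	} else {
-	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'','32')."</a>";
+	   echo "<a href='".api_get_self()."?".api_get_cidreq()."&action=add&origin=".(empty($_GET['origin'])?'':$origin)."'>".Display::return_icon('new_announce.png',get_lang('AddAnnouncement'),'','32')."</a>";
 	}
 	$show_actions = true;
 } else {
     if (in_array($_GET['action'], array('view'))) {
         echo '<div class="actions">';
-        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$_GET['origin'])."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";    
+        echo "<a href='".api_get_self()."?".api_get_cidreq()."&origin=".(empty($_GET['origin'])?'':$origin)."'>".Display::return_icon('back.png',get_lang('Back'),'','32')."</a>";    
         echo '</div>';
     }
 }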
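Review bot: The three rewritten `echo` lines place `$origin` in a URL query string inside a single-quoted `href`, and an HTML filter is not the encoding that context calls for; whether `Security::remove_XSS()` neutralises a single quote is not visible on this page, so the attribute boundary depends on the filter's internals. Encoding for the context at the sink would be more robust, e.g. `"&origin=".urlencode($origin)."'>"`, which also makes the leftover `empty($_GET['origin'])?'':` test unnecessary because `$origin` is already `''` in that case. Since the condition above compares the parameter with `'learnpath'`, `origin` looks like a small fixed vocabulary, and an allow-list check where `$origin` is assigned would be tighter than filtering.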
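--- a/main/blog/blog.php
+++ b/main/blog/blog.php
@@ -10,9 +10,14 @@
  */
 // name of the language file that needs to be included
 $language_file = "blog";
+require_once '../inc/global.inc.php';
+
 $blog_id = intval($_GET['blog_id']);
 
-require_once '../inc/global.inc.php';
+if (empty($blog_id)) {
+    api_not_allowed(true);
+}
+
 $this_section=SECTION_COURSES;
 
 
@@ -289,7 +294,7 @@
 					<form action="blog.php" method="get" enctype="multipart/form-data">
 						<input type="hidden" name="blog_id" value="<?php echo $blog_id ?>" />
 						<input type="hidden" name="action" value="view_search_result" />
-						<input type="text" size="20" name="q" value="<?php echo (isset($_GET['q']) ? $_GET['q'] : ''); ?>" /><button class="search" type="submit"><?php echo get_lang('Search'); ?></button>
+						<input type="text" size="20" name="q" value="<?php echo (isset($_GET['q']) ? Security::remove_XSS($_GET['q']) : ''); ?>" /><button class="search" type="submit"><?php echo get_lang('Search'); ?></button>
 					</form>
 				</td>
 			</tr>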
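Review bot: The `q` value is echoed inside a double-quoted `value` attribute, where the needed defence is quote escaping rather than HTML filtering; this page does not show whether `Security::remove_XSS()` encodes `"`. Escaping at output, e.g. `<?php echo isset($_GET['q']) ? api_htmlentities($_GET['q'], ENT_QUOTES) : ''; ?>`, closes the attribute context and also hands the user back the exact search text instead of a filtered version. In the first hunk the new `empty($blog_id)` guard only rejects a missing or zero id; whether the current user may read that blog is presumably checked further down, outside the visible lines.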
main/chat/chat.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/chat.php Fri Mar 08 15:26:31 2013 +0100
20 20
} else {
21 21
	$origin = $_SESSION['origin'];
22 22
	$target = $_SESSION['target'];
23
	$_SESSION['origin']=$_GET["origin"];
24
	$_SESSION['target']=$_GET["target"];
23
	$_SESSION['origin']= Security::remove_XSS($_GET["origin"]);
24
	$_SESSION['target']= Security::remove_XSS($_GET["target"]);
25 25
}
26 26

  
27 27
/*  TRACKING */
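Review bot: `$_SESSION['origin']` and `$_SESSION['target']` are now filtered once when they are stored, which leaves every later output of these values relying on that single HTML filter whatever the output context is (attribute, URL, script); the places where they are printed are outside this hunk and should be checked. Both `$_GET` keys are also read without an `isset()` test, so a request that omits them passes null to the filter and raises a notice. I would store `isset($_GET['origin']) ? Security::remove_XSS($_GET['origin']) : ''` (same for `target`) and add a comment such as `// filtered on input; still escape for the output context where echoed`. The `else` branch shown here begins before the hunk.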
main/chat/chat_chat.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/chat_chat.php Fri Mar 08 15:26:31 2013 +0100
73 73
	} else {
74 74
		$filename_chat = 'messages-'.$date_now.'.log.html';
75 75
	}
76
	
76

  
77 77
	if (!file_exists($chat_path.$filename_chat)) {
78 78
		@fclose(fopen($chat_path.$filename_chat, 'w'));
79 79
		if (!api_is_anonymous()) {
......
114 114

  
115 115
		update_existing_document($_course, $doc_id, 0);
116 116
	}
117
	
117

  
118 118
	$remove = 0;
119 119
	$content = array();
120 120
	if (file_exists($chat_path.$basename_chat.'.log.html')) {
......
153 153
	if ($isMaster || $is_courseCoach) {
154 154
		$rand = mt_rand(1, 1000);
155 155
		echo '<div style="margin-left: 5px;">';
156
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&cidReq='.$_GET['cidReq'].'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
156
		echo '<a href="'.api_get_self().'?rand='.$rand.'&reset=1&'.api_get_cidreq().'#bottom" onclick="javascript: if(!confirm(\''.addslashes(api_htmlentities(get_lang('ConfirmReset'), ENT_QUOTES)).'\')) return false;">'.Display::return_icon('delete.gif', get_lang('ClearList')).' '.get_lang('ClearList').'</a>';
157 157
		echo '</div>';
158 158
	}
159 159
} else {
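Review bot: The rewritten link still triggers the chat reset through a plain GET (`reset=1`) guarded only by a JavaScript `confirm()`; `$rand` from `mt_rand(1, 1000)` is a cache-buster and cannot stand in for a request token. If the reset handler, which is outside this hunk, does not verify a per-session token, the action is exposed to cross-site request forgery against a logged-in teacher or coach. I would add a token to the link and verify it before clearing, e.g. `'&sec_token='.Security::get_token()` here and `Security::check_token('get')` in the handler, or move the action to a POST form. The two other changes in this file are whitespace only.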
main/chat/chat_hidden.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/chat_hidden.php Fri Mar 08 15:26:31 2013 +0100
113 113
}
114 114
?>
115 115

  
116
<form name="formHidden" method="post" action="<?php echo api_get_self().'?cidReq='.$_GET['cidReq']; ?>">
116
<form name="formHidden" method="post" action="<?php echo api_get_self().'?'.api_get_cidreq(); ?>">
117 117
<input type="hidden" name="chat_size_old" value="<?php echo $chat_size_new; ?>">
118 118
<input type="hidden" name="connected_old" value="<?php echo $connected_new; ?>">
119 119
</form>
main/chat/chat_message.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/chat_message.php Fri Mar 08 15:26:31 2013 +0100
169 169
	$emoticon_img204  = '<img src="'.api_get_path(WEB_IMG_PATH).'smileys/flag_red_small.gif" alt="'.get_lang('Stop').'" title="'.get_lang('Stop').'" />';
170 170

  
171 171
	if ($sent) {
172
		$message = trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset));
172
		$message = Security::remove_XSS(trim(htmlspecialchars(stripslashes($_POST['message']), ENT_QUOTES, $charset)));
173 173
		$message = str_replace($emoticon_text1, $emoticon_img1, $message);
174 174
		$message = str_replace($emoticon_text2, $emoticon_img2, $message);
175 175
		$message = str_replace($emoticon_text3, $emoticon_img3, $message);
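Review bot: On the changed `$message` line the filter runs after `htmlspecialchars(..., ENT_QUOTES, $charset)`, so by the time `Security::remove_XSS()` sees the text every `<`, `>` and quote is already an entity and there is no markup left for it to remove. The escaping call is what protects the chat log here; the extra pass is at best a no-op and may re-process the entities, depending on how the filter treats them. I would either drop the wrapper or state the intent in a comment such as `// htmlspecialchars() is the encoding step; remove_XSS() kept only as defence in depth`, and confirm that nothing after the emoticon replacements decodes the message again. The enclosing `if ($sent)` block continues past the hunk.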
main/chat/header_frame.inc.php Thu Jul 19 22:44:03 2012 -0500 → main/chat/header_frame.inc.php Fri Mar 08 15:26:31 2013 +0100
66 66
{
67 67
	if ('<?php echo $chat_size_old; ?>' != '<?php echo $chat_size_new; ?>')
68 68
	{
69
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&cidReq='.$_GET['cidReq']; ?>#bottom';
69
		parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size_new.'&'.api_get_cidreq(); ?>#bottom';
70 70
	}
71 71
}
72 72

  
......
87 87
{
88 88
	<?php if($chat_size): ?>
89 89
	parent.chat_hidden.document.formHidden.chat_size_old.value='<?php echo $chat_size; ?>';
90
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&cidReq='.$_GET['cidReq']; ?>#bottom';
90
	parent.chat_chat.location.href='chat_chat.php?size=<?php echo $chat_size.'&'.api_get_cidreq(); ?>#bottom';
91 91
	<?php endif; ?>
92 92

  
93 93
	document.formMessage.message.focus();
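Review bot: Both changed lines write PHP values into a single-quoted JavaScript string, and `$chat_size_new` / `$chat_size` are still echoed raw next to the new `api_get_cidreq()` call; their origin is not visible in these hunks, so if they can be influenced by the request they need the same attention `cidReq` just received. Assuming they are meant to be integers, casting at the sink is cheap: `<?php echo intval($chat_size_new).'&'.api_get_cidreq(); ?>` (and `intval($chat_size)` in the second hunk). It is also worth confirming what `api_get_cidreq()` returns: if its output is HTML-escaped, entities such as `&amp;` are not decoded inside a script block and the resulting query string would differ from the one intended.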