Fix Two XSS Vulnerabilities
Unescaped page names (in the 'edit' and 'new' views). Unsanitized HTTP_CLIENT_IP header.
This commit is contained in:
parent
ab63a21ccd
commit
503f956084
4 changed files with 5 additions and 4 deletions
|
@ -2,6 +2,7 @@ require 'fileutils'
|
|||
require 'redcloth_for_tex'
|
||||
require 'parsedate'
|
||||
require 'zip/zip'
|
||||
require 'resolv'
|
||||
|
||||
class WikiController < ApplicationController
|
||||
|
||||
|
@ -381,7 +382,7 @@ class WikiController < ApplicationController
|
|||
def remote_ip
|
||||
ip = request.remote_ip
|
||||
logger.info(ip)
|
||||
ip
|
||||
ip.gsub!(Regexp.union(Resolv::IPv4::Regex, Resolv::IPv6::Regex), '\0') || 'bogus address'
|
||||
end
|
||||
|
||||
def render_rss(hide_description = false, limit = 15, start_date = nil, end_date = nil)
|
||||
|
|
|
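Review bot: The new `ip.gsub!(Regexp.union(Resolv::IPv4::Regex, Resolv::IPv6::Regex), '\0')` line in remote_ip does not strip anything: `'\0'` replaces each match with itself, so the expression only acts as a validator that yields the string when the pattern matches and nil (hence `'bogus address'`) when it does not. That is safe only because, as far as I recall, Resolv's IPv4/IPv6 regexes are anchored with `\A`/`\z`; with an unanchored pattern a value such as `<script>1.2.3.4` would match and pass through untouched, and `gsub!` needlessly mutates the string handed back by `request.remote_ip`. Say what is meant with a non-mutating match, e.g. `ip =~ Regexp.union(Resolv::IPv4::Regex, Resolv::IPv6::Regex) ? ip : 'bogus address'`. Note also that `logger.info(ip)` still runs before validation, so the raw header value still reaches the log unchecked.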
@ -77,7 +77,7 @@ class Page < ActiveRecord::Base
|
|||
|
||||
# Returns the original wiki-word name as separate words, so "MyPage" becomes "My Page".
|
||||
def plain_name
|
||||
web.brackets_only? ? name : WikiWords.separate(name)
|
||||
web.brackets_only? ? CGI.escapeHTML(name) : CGI.escapeHTML(WikiWords.separate(name))
|
||||
end
|
||||
|
||||
LOCKING_PERIOD = 30.minutes
|
||||
|
|
|
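Review bot: Escaping inside `Page#plain_name` moves an HTML output concern into the model, so every caller now receives entity-encoded text whether or not it renders HTML — the controller touched by this same commit requires `redcloth_for_tex` and has a `render_rss` method, and if either path calls `plain_name` a page named `A&B` would come out as `A&amp;B` there, while any view that already wraps the value in `h()` will double-escape it. The usual fix is to keep `plain_name` raw and escape at the output boundary, `<%= h page.plain_name %>` in the views. If the model-level escaping is kept deliberately, the comment above the method should say so, e.g. `# NOTE: the returned name is HTML-escaped; do not escape it again in views and do not use it for non-HTML output.`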
@ -1,5 +1,5 @@
|
|||
<%
|
||||
@title = "Editing #{@page.name}"
|
||||
@title = "Editing #{CGI.escapeHTML(@page.name)}"
|
||||
@content_width = 720
|
||||
@hide_navigation = true
|
||||
%>
|
||||
|
|
|
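Review bot: Escaping `@title` at assignment means the layout that prints it must emit it raw; if the layout already does `<%= h @title %>`, a page called `Foo & Bar` will render as `Foo &amp;amp; Bar`, and if it does not, every other view that sets `@title` now has to escape too — the layout is outside this hunk, so it is worth checking which side is responsible and making it one place. In a Rails view the conventional helper for this is `h`, e.g. `@title = "Editing #{h @page.name}"`. Bear in mind that older `CGI.escapeHTML` implementations escape only `&`, `<`, `>` and `"` and not `'`, so the value is safe in element content and double-quoted attributes but not inside a single-quoted attribute or a script block.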
@ -1,5 +1,5 @@
|
|||
<%
|
||||
@title = "Creating #{WikiWords.separate(@page_name)}"
|
||||
@title = "Creating #{CGI.escapeHTML(WikiWords.separate(@page_name))}"
|
||||
@content_width = 720
|
||||
@hide_navigation = true
|
||||
%>
|
||||
|
|
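Review bot: `@page_name` presumably comes from the request path (the controller is not in this hunk), so wrapping `WikiWords.separate(@page_name)` in `CGI.escapeHTML` is the right boundary for the title, but the body of this template below the `%>` is outside the hunk, and if `@page_name` is interpolated again there (a heading or a hidden form field) each use needs the same treatment. Consider escaping once and reusing the result, `@safe_name = h(WikiWords.separate(@page_name))` followed by `@title = "Creating #{@safe_name}"`, so a later interpolation cannot forget it. As with the edit view, the layout that prints `@title` must not escape it a second time.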