From 55b20f00b87f8779a472e7e0ba671da0e2e311bb Mon Sep 17 00:00:00 2001
From: Uma <uma.s@vtiger.com>
Date: Tue, 3 Dec 2019 17:47:26 +0530
Subject: [PATCH] Fixes #1220 XSS vulnerability with CKEditor field is
 addressed

---
 modules/Users/actions/Save.php  | 5 +++--
 modules/Vtiger/actions/Save.php | 5 +++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/modules/Users/actions/Save.php b/modules/Users/actions/Save.php
index 46c811da1..2d2088431 100644
--- a/modules/Users/actions/Save.php
+++ b/modules/Users/actions/Save.php
@@ -78,8 +78,9 @@ class Users_Save_Action extends Vtiger_Save_Action {
 			}
             if($fieldName == 'signature' && $fieldValue !== null){
                 $fieldValue = $request->getRaw($fieldName);
-                $processedContent = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $fieldValue);
-                $fieldValue = to_html(purifyHtmlEventAttributes($processedContent,TRUE));
+                $purifiedContent = vtlib_purify(decode_html($fieldValue));
+                // Purify malicious html event attributes
+                $fieldValue = purifyHtmlEventAttributes(decode_html($purifiedContent),true);
 			}
 
 			if($fieldValue !== null) {
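Review bot: The purifier's output is decoded a second time on the new line `$fieldValue = purifyHtmlEventAttributes(decode_html($purifiedContent),true);`, so the last transformation applied before the value reaches the save path is an entity decode rather than the sanitiser; if vtlib_purify neutralises rejected input by entity-encoding it instead of dropping it, that trailing decode_html can turn the encoded text back into live markup. The same construction appears in the second hunk (modules/Vtiger/actions/Save.php, the notecontent branch), so the point applies there too. Consider making the purifier the final step, e.g. `$fieldValue = vtlib_purify(purifyHtmlEventAttributes(decode_html($fieldValue), true));`, with a comment such as `// Decode once, then purify last so no post-sanitiser step can reintroduce markup`. The removed lines also applied to_html to the stored value and the new lines do not, so anything that relied on the field being entity-encoded in storage should be rechecked; I cannot see vtlib_purify or decode_html here, so whether the purifier already encodes its output is an assumption to confirm. The enclosing loop and method start and end outside the hunk.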
diff --git a/modules/Vtiger/actions/Save.php b/modules/Vtiger/actions/Save.php
index 8b184db81..5a7c00d1b 100644
--- a/modules/Vtiger/actions/Save.php
+++ b/modules/Vtiger/actions/Save.php
@@ -162,8 +162,9 @@ class Vtiger_Save_Action extends Vtiger_Action_Controller {
 			}
             if($fieldName == 'notecontent' && $fieldValue !== null){
                 $fieldValue = $request->getRaw($fieldName);
-                $processedContent = preg_replace('#<script(.*?)>(.*?)</script>#is', '', $fieldValue);
-                $fieldValue = to_html(purifyHtmlEventAttributes($processedContent,TRUE));
+                $purifiedContent = vtlib_purify(decode_html($fieldValue));
+                // Purify malicious html event attributes
+                $fieldValue = purifyHtmlEventAttributes(decode_html($purifiedContent),true);
 			}
 			if($fieldValue !== null) {
 				if(!is_array($fieldValue) && $fieldDataType != 'currency') {
-- 
GitLab