Skip to content

Commit

Permalink
Merge pull request #1856
Browse files Browse the repository at this point in the history
* fix: Encode XSS related characters and strip tags.
  • Loading branch information
nuxsmin authored Jul 2, 2022
1 parent c39b60c commit 9d0e169
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 5 deletions.
4 changes: 2 additions & 2 deletions lib/SP/Html/Html.php
Original file line number Diff line number Diff line change
Expand Up @@ -191,12 +191,12 @@ public static function getSafeUrl(string $url): string
}

return preg_replace_callback(
'/[^:\/@?&=#%\w]+/u',
'/["<>\']+/u',
function ($matches)
{
return urlencode($matches[0]);
},
$url
strip_tags($url)
);
}
}
4 changes: 2 additions & 2 deletions lib/SP/Services/Install/Installer.php
Original file line number Diff line number Diff line change
Expand Up @@ -60,9 +60,9 @@ final class Installer extends Service
/**
* sysPass' version and build number
*/
const VERSION = [3, 2, 10];
const VERSION = [3, 2, 11];
const VERSION_TEXT = '3.2';
const BUILD = 22070101;
const BUILD = 22070201;

/**
* @var DatabaseSetupInterface
Expand Down
3 changes: 2 additions & 1 deletion tests/SP/Html/HtmlTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ public function testGetSafeUrlOk()
*/
public function testGetSafeUrlEncoded(string $url)
{
$this->assertEquals(0, preg_match('/["<>]+/', Html::getSafeUrl($url)));
$this->assertEquals(0, preg_match('/["<>\']+/', Html::getSafeUrl($url)));
}

private function urlProvider(): array
Expand All @@ -67,6 +67,7 @@ private function urlProvider(): array
['https://foo.com/"><script>alert("TEST");</script>'],
['https://foo.com/"%20onClick="alert(\'TEST\'")'],
['https://foo.com/" onClick="alert(\'TEST\')"'],
['mongodb+srv://cluster.foo.mongodb.net/bar'],
];
}
}

0 comments on commit 9d0e169

Please sign in to comment.