Commit 062a7dee5ed3b9b6fc4df5a089606db88b60abf4
Committed by
Antonio Terceiro
1 parent
66244e27
Fixing xss vulnerability
(ActionItem1630)
Showing
4 changed files
with
13 additions
and
3 deletions
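--- a/app/views/profile/content_tagged.rhtml
+++ b/app/views/profile/content_tagged.rhtml
@@ -1,6 +1,6 @@
 <% add_rss_feed_to_head(_("%s's contents tagged with \"%s\"") % [profile.name, @tag], tag_feed_path) %>
 
-<h1><%= _('Content tagged with "%s"') % @tag %></h1>
+<h1><%= _('Content tagged with "%s"') % CGI.escapeHTML(@tag) %></h1>
 
 <p>
 <%= link_to image_tag('icons-mime/rss-feed.png', :alt => _('Feed for this tag'), :title => _('Feed for this tag')), tag_feed_path, :class => 'blog-feed-link'%>
@@ -18,6 +18,6 @@
 <%= pagination_links @tagged, :param_name => 'npage' %>
 
 <div>
- <%= link_to _('See content tagged with "%s" in the entire site') % @tag, :controller => 'search', :action => 'tag', :tag => @tag %>
+ <%= link_to _('See content tagged with "%s" in the entire site') % CGI.escapeHTML(@tag), :controller => 'search', :action => 'tag', :tag => @tag %>
 </div>
 <% end %>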
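Review bot: The feed title on line 1 of this file still interpolates `@tag` unescaped into `add_rss_feed_to_head(...)`, while the same value is now escaped in the `<h1>` and in the link text; whether that remains an injection point depends on how the helper writes the title into the `<link>` element, which is not visible here, and if it does not escape it needs `CGI.escapeHTML(@tag)` as well. The `:tag => @tag` URL option on the link line is URL-encoded by `url_for` and is fine as is. As a point of style, Rails views conventionally escape with the `h()` helper (`ERB::Util.html_escape`), so `h(@tag)` would read as the idiom auditors look for in other templates rather than a direct `CGI` call.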
app/views/search/index.rhtml
| 1 | 1 | <div id="search-page"> |
| 2 | 2 | |
| 3 | -<%= search_page_title(_('Search Results'), :query => @query, :category => @category ? @category.name : nil, :total_results => @total_results) %> | |
| 3 | +<%= search_page_title(_('Search Results'), :query => CGI.escapeHTML(@query), :category => @category ? @category.name : nil, :total_results => @total_results) %> | |
| 4 | 4 | |
| 5 | 5 | <%= render :partial => 'search_form', :locals => { :form_title => _("Refine your search"), :simple_search => true } %> |
| 6 | 6 | ... | ... |
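Review bot: `CGI.escapeHTML(@query)` on line 3 raises when `@query` is nil, because the escaper calls string methods on its argument; if the search page can be requested without a `query` parameter (the controller is not visible here), the call needs a guard such as `CGI.escapeHTML(@query.to_s)`. Pre-escaping the value before handing it to `search_page_title` also couples the view to the helper: if the helper escapes on its own the text double-escapes to `&amp;lt;`, and if it reuses the query in a URL or a count the escaped form is wrong, so escaping at the output point inside the helper would be the more robust fix. `@category.name` on the same line stays unescaped; whether category names are operator-controlled or user-editable cannot be told from this hunk.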
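--- a/test/functional/profile_controller_test.rb
+++ b/test/functional/profile_controller_test.rb
@@ -716,6 +716,11 @@ class ProfileControllerTest < Test::Unit::TestCase
 assert_response 302
 end
 
+ should 'escape xss attack in tag feed' do
+ get :content_tagged, :profile => profile.identifier, :id => "<wslite>"
+ assert_no_tag :tag => 'wslite'
+ end
+
 should 'reverse the order of posts in tag feed' do
 TextileArticle.create!(:name => 'First post', :profile => profile, :tag_list => 'tag1', :published_at => Time.now)
 TextileArticle.create!(:name => 'Second post', :profile => profile, :tag_list => 'tag1', :published_at => Time.now + 1.day)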
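Review bot: The new test on lines 719–722 (and its counterpart in test/functional/search_controller_test.rb) asserts only that no `<wslite>` element exists, so it also passes if the tag is never rendered at all; pinning the escaped output with `assert_match /&lt;wslite&gt;/, @response.body` makes it fail for the right reason and documents the expected encoding. The name 'escape xss attack in tag feed' is misleading, since the request hits `content_tagged`, the HTML listing, not the RSS feed; `should 'escape tag name in content_tagged page' do` describes what is exercised. The enclosing test class continues outside the hunk.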
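--- a/test/functional/search_controller_test.rb
+++ b/test/functional/search_controller_test.rb
@@ -50,6 +50,11 @@ class SearchControllerTest < Test::Unit::TestCase
 assert_equal 'carne vaca', assigns('filtered_query')
 end
 
+ should 'espape xss attack' do
+ get 'index', :query => '<wslite>'
+ assert_no_tag :tag => 'wslite'
+ end
+
 should 'search only in specified types of content' do
 get :index, :query => 'something not important', :find_in => [ 'articles' ]
 assert_equal [:articles], assigns(:results).keys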
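Review bot: The test name on line 53 has a typo, `should 'espape xss attack' do` → `should 'escape xss attack' do`. A more specific name such as `should 'escape query in search results page' do` would also tell a reader which output the assertion covers, and `get 'index'` on line 54 should use the symbol form `get :index` like the neighbouring tests. The enclosing test class continues outside the hunk.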