[pkg-horde] [COMMIT lionel kronolith--sid--2--patch-2] Merge with
upstream branch
Lionel Elie Mamane
lmamane at costa.debian.org
Sat Dec 24 16:55:03 UTC 2005
A {arch}/kronolith/kronolith--upstream/kronolith--upstream--2/pkg-horde-hackers at lists.alioth.debian.org--2006/patch-log/patch-1
A {arch}/kronolith/kronolith--sid/kronolith--sid--2/pkg-horde-hackers at lists.alioth.debian.org--2006/patch-log/patch-2
M templates/calendars/calendars.inc
M templates/contacts/contacts.inc
M templates/prefs/search_abook_select.inc
M lib/FBView/week.php
M lib/FBView/day.php
M lib/Kronolith.php
M docs/RELEASE_NOTES
M templates/data/import.inc
M templates/search/event_summaries.inc
M templates/day/head_side_by_side.inc
M templates/delete/delete.inc
M templates/search/search_advanced.inc
M templates/view/view.inc
M templates/edit/javascript.inc
M templates/prefs/remote_cal_management.inc
M templates/attendees/attendees.inc
M templates/menu.inc
M templates/data/export.inc
M templates/week/head_side_by_side.inc
M lib/FBView.php
M lib/version.php
M docs/CHANGES
M templates/delete/one.inc
M templates/prefs/shareselect.inc
M templates/edit/edit.inc
--- /dev/null
+++ {arch}/kronolith/kronolith--upstream/kronolith--upstream--2/pkg-horde-hackers at lists.alioth.debian.org--2006/patch-log/patch-1
@@ -0,0 +1,31 @@
+Revision: kronolith--upstream--2--patch-1
+Archive: pkg-horde-hackers at lists.alioth.debian.org--2006
+Creator: Lionel Elie Mamane <lionel at mamane.lu>
+Date: Sat Dec 24 17:48:02 CET 2005
+Standard-date: 2005-12-24 16:48:02 GMT
+Modified-files: docs/CHANGES docs/RELEASE_NOTES
+ lib/FBView.php lib/FBView/day.php lib/FBView/week.php
+ lib/Kronolith.php lib/version.php
+ templates/attendees/attendees.inc
+ templates/calendars/calendars.inc
+ templates/contacts/contacts.inc
+ templates/data/export.inc templates/data/import.inc
+ templates/day/head_side_by_side.inc
+ templates/delete/delete.inc templates/delete/one.inc
+ templates/edit/edit.inc templates/edit/javascript.inc
+ templates/menu.inc
+ templates/prefs/remote_cal_management.inc
+ templates/prefs/search_abook_select.inc
+ templates/prefs/shareselect.inc
+ templates/search/event_summaries.inc
+ templates/search/search_advanced.inc
+ templates/view/view.inc
+ templates/week/head_side_by_side.inc
+New-patches: pkg-horde-hackers at lists.alioth.debian.org--2006/kronolith--upstream--2--patch-1
+Summary: Import upstream kronolith 2.0.6
+Keywords:
+
+Imported kronolith-h3-2.0.6
+into pkg-horde-hackers at lists.alioth.debian.org--2006/kronolith--upstream--2
+
+
--- /dev/null
+++ {arch}/kronolith/kronolith--sid/kronolith--sid--2/pkg-horde-hackers at lists.alioth.debian.org--2006/patch-log/patch-2
@@ -0,0 +1,35 @@
+Revision: kronolith--sid--2--patch-2
+Archive: pkg-horde-hackers at lists.alioth.debian.org--2006
+Creator: Lionel Elie Mamane <lionel at mamane.lu>
+Date: Sat Dec 24 17:52:28 CET 2005
+Standard-date: 2005-12-24 16:52:28 GMT
+Modified-files: docs/CHANGES docs/RELEASE_NOTES
+ lib/FBView.php lib/FBView/day.php lib/FBView/week.php
+ lib/Kronolith.php lib/version.php
+ templates/attendees/attendees.inc
+ templates/calendars/calendars.inc
+ templates/contacts/contacts.inc
+ templates/data/export.inc templates/data/import.inc
+ templates/day/head_side_by_side.inc
+ templates/delete/delete.inc templates/delete/one.inc
+ templates/edit/edit.inc templates/edit/javascript.inc
+ templates/menu.inc
+ templates/prefs/remote_cal_management.inc
+ templates/prefs/search_abook_select.inc
+ templates/prefs/shareselect.inc
+ templates/search/event_summaries.inc
+ templates/search/search_advanced.inc
+ templates/view/view.inc
+ templates/week/head_side_by_side.inc
+New-patches: pkg-horde-hackers at lists.alioth.debian.org--2006/kronolith--sid--2--patch-2
+ pkg-horde-hackers at lists.alioth.debian.org--2006/kronolith--upstream--2--patch-1
+Summary: Merge with upstream branch
+Keywords:
+
+
+
+Patches applied:
+
+ * pkg-horde-hackers at lists.alioth.debian.org--2006/kronolith--upstream--2--patch-1
+ Import upstream kronolith 2.0.6
+
--- orig/templates/calendars/calendars.inc
+++ mod/templates/calendars/calendars.inc
@@ -1,13 +1,13 @@
<script language="JavaScript" type="text/javascript">
<!--
-var editURL = '<?php echo str_replace('&', '&', Util::addParameter(Horde::url($registry->get('webroot', 'horde') . '/services/shares/edit.php?app=kronolith'), 'share', '@ID@')) ?>';
+var editURL = decodeURIComponent('<?php echo rawurlencode(Util::addParameter(Horde::url($registry->get('webroot', 'horde') . '/services/shares/edit.php?app=kronolith', true), 'share', '@ID@', false)) ?>');
var cancelSubmit = false;
var fields = new Array();
<?php foreach ($personal_calendars as $id => $cal): ?>
-fields['<?php echo addslashes($id) ?>'] = new Array(
- "<?php echo addslashes($cal->get('name')) ?>",
- "<?php echo preg_replace('(\r\n|\n|\r)', '\n', addslashes($cal->get('desc'))) ?>");
+fields['<?php echo rawurlencode($id) ?>'] = new Array(
+ "<?php echo rawurlencode($cal->get('name')) ?>",
+ "<?php echo preg_replace('(\r\n|\n|\r)', '\n', rawurlencode($cal->get('desc'))) ?>");
<?php endforeach; ?>
function newChoice()
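Review bot: The `preg_replace('(\r\n|\n|\r)', '\n', …)` on the description line is now dead code: rawurlencode() has already turned CR and LF into `%0D`/`%0A` by the time the regex runs, so the newline normalization it performed under addslashes() no longer happens and the value is simply decoded by decodeURIComponent() in updateForm. Reducing it to `"<?php echo rawurlencode($cal->get('desc')) ?>"` keeps the three fields symmetric and stops suggesting that raw newlines can reach the JS literal. The encoding scheme works because rawurlencode() emits only `[A-Za-z0-9._~%-]`, which can never terminate a quoted JS string; that is worth stating once above the table, e.g. `// Keys and values are rawurlencode()d so they are safe inside JS string literals; decode with decodeURIComponent() on use.`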
@@ -27,9 +27,9 @@
function updateForm(share)
{
- document.shares.edit_share.value = share;
- document.shares.id.value = fields[share][0];
- document.shares.description.value = fields[share][1];
+ document.shares.edit_share.value = decodeURIComponent(share);
+ document.shares.id.value = decodeURIComponent(fields[share][0]);
+ document.shares.description.value = decodeURIComponent(fields[share][1]);
}
function clearForm()
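Review bot: `fields[share]` in updateForm is indexed with the raw calendar id coming from the select (its option values are htmlspecialchars($id), i.e. the literal id once the browser parses the attribute), but the `fields` table built at the top of this file is keyed by rawurlencode($id); for any id containing a character rawurlencode() rewrites (space, `@`, `/`, a non-ASCII byte) the lookup yields undefined and the form is left empty, and `decodeURIComponent(share)` on the first changed line throws a URIError if the id contains a literal `%`. Unless calendar ids are guaranteed to be plain `[A-Za-z0-9._~-]`, which is not visible here, either key the table by the decoded id when it is built, `fields[decodeURIComponent('<?php echo rawurlencode($id) ?>')] = new Array(…)`, and assign `document.shares.edit_share.value = share;` without decoding, or look up `fields[encodeURIComponent(share)]`. newChoice(), the caller that supplies `share`, starts outside this hunk.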
@@ -85,7 +85,7 @@
<select name="share" onchange="newChoice()">
<option value="-1"><?php echo _("Select a calendar") ?></option>
<?php foreach ($personal_calendars as $id => $cal): ?>
- <option value="<?php echo $id ?>"><?php echo $cal->get('name') ?></option>
+ <option value="<?php echo htmlspecialchars($id) ?>"><?php echo htmlspecialchars($cal->get('name')) ?></option>
<?php endforeach; ?>
</select>
</div>
@@ -113,7 +113,7 @@
<b><?php echo _("Calendar Description") ?></b>
</td>
<td>
- <textarea wrap="hard" name="description" rows="4" cols="60"></textarea>
+ <textarea name="description" rows="4" cols="60"></textarea>
</td>
</tr>
</table>
@@ -141,7 +141,7 @@
<p>
<select multiple="multiple" name="fbcals" size="5" onchange="updateFBUrl()">
<?php $calendars = Kronolith::listCalendars(); foreach ($calendars as $id => $cal): ?>
- <option value="<?php echo $id ?>"><?php echo $cal->get('name') ?></option>
+ <option value="<?php echo htmlspecialchars($id) ?>"><?php echo htmlspecialchars($cal->get('name')) ?></option>
<?php endforeach; ?>
</select>
</p>
--- orig/templates/contacts/contacts.inc
+++ mod/templates/contacts/contacts.inc
@@ -1,7 +1,7 @@
<script language="JavaScript" type="text/javascript">
<!--
-var display = "<?php echo (!empty($display) ? $display : 'name') ?>";
+var display = decodeURIComponent("<?php echo (!empty($display) ? rawurlencode($display) : 'name') ?>");
function changeDisplay()
{
@@ -126,16 +126,16 @@
<table border="0" width="100%" cellpadding="0">
<tr>
<td class="light" align="left" nowrap="nowrap"><b><?php echo _("Find") ?></b>
- <input value="<?php echo $search ?>" name="search" style="width:150px"></td>
+ <input value="<?php echo htmlspecialchars($search) ?>" name="search" style="width:150px"></td>
<?php if (count($source_list) > 1): ?>
<td class="light" align="left" nowrap="nowrap"><b><?php echo _("from") ?></b>
<select name="source">
<?php foreach ($source_list as $key => $select): ?>
- <option value="<?php echo $key ?>"<?php if ($key == $source) echo ' selected="selected"' ?>><?php echo htmlspecialchars($select) ?></option>
+ <option value="<?php echo htmlspecialchars($key) ?>"<?php if ($key == $source) echo ' selected="selected"' ?>><?php echo htmlspecialchars($select) ?></option>
<?php endforeach; ?>
</select></td>
<?php else: ?>
- <td class="light"><input name="source" type="hidden" value="<?php echo key($source_list) ?>" /></td>
+ <td class="light"><input name="source" type="hidden" value="<?php echo htmlspecialchars(key($source_list)) ?>" /></td>
<?php endif; ?>
<td class="light" align="left" nowrap="nowrap"><input type="submit" class="button" value="<?php echo _("Search") ?>" />
</td>
@@ -150,9 +150,9 @@
<option value=""><?php echo _("* Please select address(es) *") ?></option>
<?php foreach ($addresses as $addr): ?>
<?php if ($display == 'email'): ?>
- <option value="<?php echo rawurlencode($addr['name']) ?>"><?php echo $addr['email'] ?></option>
+ <option value="<?php echo rawurlencode($addr['name']) ?>"><?php echo htmlspecialchars($addr['email']) ?></option>
<?php else: ?>
- <option value="<?php echo rawurlencode($addr['email']) ?>"><?php echo $addr['name'] ?></option>
+ <option value="<?php echo rawurlencode($addr['email']) ?>"><?php echo htmlspecialchars($addr['name']) ?></option>
<?php endif; ?>
<?php endforeach; ?>
</select>
@@ -163,7 +163,7 @@
<select name="selected_addresses" multiple="multiple" size="10" width="200" onchange="document.contacts.selected_addresses[0].selected=false">
<option value=""><?php echo _("* Add these by clicking Add *") ?></option>
<?php foreach ($selected_addresses as $value => $text): ?>
- <option value="<?php echo $value ?>"><?php echo $text ?></option>
+ <option value="<?php echo htmlspecialchars($value) ?>"><?php echo htmlspecialchars($text) ?></option>
<?php endforeach; ?>
</select>
</td>
@@ -172,8 +172,8 @@
<td nowrap="nowrap" align="left" class="light">
<b><?php echo _("Display") ?></b>
<select name="display" onchange="changeDisplay();">
- <option value="name"<?php echo $display == "name" ? " selected=\"selected\"" : "" ?>><?php echo _("Name") ?></option>
- <option value="email"<?php echo $display == "email" ? " selected=\"selected\"" : "" ?>><?php echo _("Email Address") ?></option>
+ <option value="name"<?php echo $display == 'name' ? ' selected="selected"' : '' ?>><?php echo _("Name") ?></option>
+ <option value="email"<?php echo $display == 'email' ? ' selected="selected"' : '' ?>><?php echo _("Email Address") ?></option>
</select>
</td>
<td> </td>
--- orig/templates/prefs/search_abook_select.inc
+++ mod/templates/prefs/search_abook_select.inc
@@ -6,9 +6,9 @@
foreach ($address_books as $address_book => $description) {
if (!is_bool(array_search($address_book, $address_bookSaved))) {
- $address_bookSelect .= '<option value="' . $address_book . '" selected>' . $description . '</option>';
+ $address_bookSelect .= '<option value="' . htmlspecialchars($address_book) . '" selected>' . htmlspecialchars($description) . '</option>';
} else {
- $address_bookSelect .= '<option value="' . $address_book . '">' . $description . '</option>';
+ $address_bookSelect .= '<option value="' . htmlspecialchars($address_book) . '">' . htmlspecialchars($description) . '</option>';
}
}
}
--- orig/lib/FBView/week.php
+++ mod/lib/FBView/week.php
@@ -7,7 +7,7 @@
*
* See the enclosed file COPYING for license information.
*
- * $Horde: kronolith/lib/FBView/week.php,v 1.11.4.5 2005/08/04 00:13:04 chuck Exp $
+ * $Horde: kronolith/lib/FBView/week.php,v 1.11.4.5.2.1 2005/12/06 00:12:04 jan Exp $
*
* @author Mike Cochrane <mike at graftonhall.co.nz>
* @author Jan Schneider <jan at horde.org>
@@ -39,7 +39,7 @@
global $prefs;
$hours_html = '<table width="100%" cellspacing="0" style="text-align:center"><tr>';
- $dayWidth = 100 / $this->_days;
+ $dayWidth = round(100 / $this->_days);
$span = floor(($this->_endHour - $this->_startHour) / 3);
if (($this->_endHour - $this->_startHour) % 3) {
$span++;
@@ -58,7 +58,7 @@
}
$hours_html .= '</tr><tr>';
- $width = 100 / ($span * $this->_days);
+ $width = round(100 / ($span * $this->_days));
for ($i = 0; $i < $this->_days; $i++) {
for ($h = $this->_startHour; $h < $this->_endHour; $h += 3) {
$t = mktime($h, 0, 0, date('n', $this->_day), date('j', $this->_day), date('Y', $this->_day));
@@ -102,7 +102,7 @@
$count = 0;
$blocks = '';
- $dayWidth = 100 / $this->_days;
+ $dayWidth = round(100 / $this->_days);
$columns = floor(($this->_endHour - $this->_startHour) / 3);
if (($this->_endHour - $this->_startHour) % 3) {
$columns++;
@@ -205,7 +205,7 @@
$template->set('top', $count++ * 15);
$columns *= $this->_days;
$template->set('columns', range(1, $columns));
- $template->set('width', 100 / $columns);
+ $template->set('width', round(100 / $columns));
$blocks .= $template->fetch(KRONOLITH_TEMPLATES . '/fbview/linesblock.tpl');
return $blocks;
--- orig/lib/FBView/day.php
+++ mod/lib/FBView/day.php
@@ -7,7 +7,7 @@
*
* See the enclosed file COPYING for license information.
*
- * $Horde: kronolith/lib/FBView/day.php,v 1.13.4.3 2005/08/15 23:42:54 jan Exp $
+ * $Horde: kronolith/lib/FBView/day.php,v 1.13.4.3.2.1 2005/12/06 00:12:04 jan Exp $
*
* @author Mike Cochrane <mike at graftonhall.co.nz>
* @author Jan Schneider <jan at horde.org>
@@ -61,7 +61,7 @@
$template->set('top', $count++ * 15);
$template->set('columns', range($this->_startHour, $this->_endHour - 1));
- $template->set('width', 100 / ($this->_endHour - $this->_startHour));
+ $template->set('width', round(100 / ($this->_endHour - $this->_startHour)));
$blocks .= $template->fetch(KRONOLITH_TEMPLATES . '/fbview/linesblock.tpl');
return $blocks;
@@ -84,7 +84,7 @@
{
$twentyFour = $GLOBALS['prefs']->getValue('twentyFour');
$hours_html = '<table width="100%" cellspacing="0" style="text-align:center; border-collapse:collapse"><tr>';
- $width = 100 / ($this->_endHour - $this->_startHour + 1);
+ $width = round(100 / ($this->_endHour - $this->_startHour + 1));
for ($i = $this->_startHour; $i < $this->_endHour; $i++) {
$hour = date($twentyFour ? 'G:00' : 'g:00a', mktime($i));
$hours_html .= '<td style="border-left:1px solid black; border-right:1px solid black; width:' .
--- orig/lib/Kronolith.php
+++ mod/lib/Kronolith.php
@@ -32,7 +32,7 @@
/**
* The Kronolith:: class provides functionality common to all of Kronolith.
*
- * $Horde: kronolith/lib/Kronolith.php,v 1.263.2.18 2005/08/05 14:33:53 jan Exp $
+ * $Horde: kronolith/lib/Kronolith.php,v 1.263.2.18.2.1 2005/12/05 23:55:35 jan Exp $
*
* @author Chuck Hagenbuch <chuck at horde.org>
* @since Kronolith 0.1
@@ -857,7 +857,7 @@
$default_domain = empty($conf['storage']['default_domain']) ? null : $conf['storage']['default_domain'];
$res = $rfc822->parseAddressList($email, $default_domain);
- if (is_a('PEAR_Error', $res)) {
+ if (is_a($res, 'PEAR_Error')) {
return $res;
}
if (!count($res)) {
--- orig/docs/RELEASE_NOTES
+++ mod/docs/RELEASE_NOTES
@@ -12,12 +12,22 @@
* 8 - Minor security fixes
* 9 - Major security fixes
*/
-$this->notes['fm']['focus'] = 6;
+$this->notes['fm']['focus'] = 9;
/* Mailing list release notes. */
$this->notes['ml']['changes'] = <<<ML
The Horde Team is pleased to announce the final release of the Kronolith
-Calendar Application version H3 (2.0.5).
+Calendar Application version H3 (2.0.6).
+
+This is a security release that fixes cross site scripting
+vulnerabilities in several of the calendar name and event data
+fields. None of the vulnerabilities can be exploited by
+unauthenticated users; however, we strongly recommend that all users
+of Kronolith 2.0.5 upgrade to 2.0.6 as soon as possible.
+
+Many thanks to Johannes Greil of SEC Consult
+(http://www.sec-consult.com/) for reporting these problems and working
+with us to test the fixes.
Kronolith is the Horde calendar application. It provides web-based calendars
backed by a SQL database, the MCAL library, or a Kolab server. Supported
@@ -25,15 +35,14 @@
alarms, recurring events, and a sophisticated day/week view which handles
arbitrary numbers of overlapping events.
-Major changes compared to the Kronolith version H3 (2.0.4) are:
- * Fix reminder emails.
- * Fix warnings with Internet Explorer on HTTPS connections.
+Major changes compared to the Kronolith version H3 (2.0.5) are:
+ * Close several XSS problems with calendar and event fields.
ML;
/* Freshmeat release notes. */
$this->notes['fm']['changes'] = <<<FM
-Reminder emails and warnings with Internet Explorer on HTTPS connections have
-been fixed.
+Several XSS problems with calendar names and event fields have been
+closed. The holes closed were only exploitable by authenticated users.
FM;
$this->notes['name'] = 'Kronolith';
--- orig/templates/data/import.inc
+++ mod/templates/data/import.inc
@@ -1,10 +1,10 @@
<form method="post" name="import_form" enctype="multipart/form-data" action="data.php">
<?php Util::pformInput() ?>
-<input type="hidden" name="actionID" value="<?php echo $next_step ?>" />
-<input type="hidden" name="import_step" value="<?php echo $import_step ?>" />
+<input type="hidden" name="actionID" value="<?php echo htmlspecialchars($next_step) ?>" />
+<input type="hidden" name="import_step" value="<?php echo (int)$import_step ?>" />
<div class="header">
- <?php echo sprintf(_("Import Calendar, Step %d"), $import_step) ?>
+ <?php echo sprintf(_("Import Calendar, Step %d"), (int)$import_step) ?>
</div>
<div class="item">
@@ -22,7 +22,7 @@
<?php echo _("Select the calendar to import to:") ?><br />
<select name="importCal">
<?php foreach ($calendars as $id => $cal) {
- printf('<option value="%s">%s</option>', $id, $cal->get('name')) . "\n";
+ printf('<option value="%s">%s</option>', htmlspecialchars($id), htmlspecialchars($cal->get('name'))) . "\n";
} ?>
</select><br /><br />
<?php else: ?>
--- orig/templates/search/event_summaries.inc
+++ mod/templates/search/event_summaries.inc
@@ -1,7 +1,7 @@
<tr class="text">
<td nowrap="nowrap" style="background-color:<?php echo $color ?>"><?php echo $found->getLink() ?></td>
- <td nowrap="nowrap"><?php echo $found->getCategory() ?></td>
- <td nowrap="nowrap"><?php echo $found->getLocation() ?></td>
+ <td nowrap="nowrap"><?php echo htmlspecialchars($found->getCategory()) ?></td>
+ <td nowrap="nowrap"><?php echo htmlspecialchars($found->getLocation()) ?></td>
<td nowrap="nowrap"><?php echo Kronolith::statusToString($found->getStatus()) ?></td>
<td nowrap="nowrap"><?php echo strftime($prefs->getValue('date_format'), $start->timestamp()) . date($prefs->getValue('twentyFour') ? ' G:i' : ' g:i a', $start->timestamp()) ?></td>
<td nowrap="nowrap"><?php echo strftime($prefs->getValue('date_format'), $end->timestamp()) . date($prefs->getValue('twentyFour') ? ' G:i' : ' g:i a', $end->timestamp()) ?></td>
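Review bot: `$color` on the first context line is still echoed raw into `style="background-color:…"` while category and location on the changed lines are now escaped; a calendar colour is share metadata like the name, and a value containing `"` breaks out of the attribute. Where that value is validated as a colour before reaching this template is not visible here, so escape it at the sink as well: `style="background-color:<?php echo htmlspecialchars($color) ?>"`. `$found->getLink()` on the same line is presumably building escaped HTML itself; if so a comment saying that would help the next reader.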
--- orig/templates/day/head_side_by_side.inc
+++ mod/templates/day/head_side_by_side.inc
@@ -7,7 +7,7 @@
<?php endif; ?>
<?php $i = 0; foreach ($this->_currentCalendars as $cid => $cal): ?>
<th class="control" width="<?php echo round(90 / count($this->_currentCalendars)) ?>%" colspan="<?php echo $this->_span[$cid] ?>">
- <strong><?php echo $cal->get('name') . ' ' . Horde::link(Util::addParameter(Horde::selfUrl(), 'display_cal', $cal->getShortName()), sprintf(_("Hide %s"), $cal->get('name'))) . Horde::img('delete-small.png', _("Hide"), '', $GLOBALS['registry']->getImageDir('horde')) . '</a>' ?></strong>
+ <strong><?php echo htmlspecialchars($cal->get('name')) . ' ' . Horde::link(Util::addParameter(Horde::selfUrl(), 'display_cal', $cal->getShortName()), sprintf(_("Hide %s"), $cal->get('name'))) . Horde::img('delete-small.png', _("Hide"), '', $GLOBALS['registry']->getImageDir('horde')) . '</a>' ?></strong>
</th>
<?php endforeach; ?>
</tr>
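Review bot: The second use of `$cal->get('name')` on the changed line, the `sprintf(_("Hide %s"), …)` title handed to Horde::link(), is still raw while the visible label is now escaped; whether that is safe depends on Horde::link() escaping its title argument, which is not visible from this hunk. If it does not, the name lands unescaped in the link's title attribute and the fix is `sprintf(_("Hide %s"), htmlspecialchars($cal->get('name')))`; if it does, a short comment stating that Horde::link() escapes the title would stop the next reviewer from flagging it. templates/week/head_side_by_side.inc in this commit carries the identical construct.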
--- orig/templates/delete/delete.inc
+++ mod/templates/delete/delete.inc
@@ -3,19 +3,22 @@
$url = Util::addParameter('month.php', array('month' => $month,
'year' => $year));
$url = Horde::applicationUrl($url, true);
+} else {
+ // Escape URLs that came from client-side input.
+ $url = htmlspecialchars($url);
}
?>
<form action="deleventaction.php" method="post" name="delete">
<?php echo Util::formInput() ?>
-<input type="hidden" name="year" value="<?php if (isset($year)) echo $year ?>" />
-<input type="hidden" name="month" value="<?php if (isset($month)) echo $month ?>" />
-<input type="hidden" name="mday" value="<?php if (isset($day)) echo $day ?>" />
+<input type="hidden" name="year" value="<?php if (isset($year)) echo htmlspecialchars($year) ?>" />
+<input type="hidden" name="month" value="<?php if (isset($month)) echo htmlspecialchars($month) ?>" />
+<input type="hidden" name="mday" value="<?php if (isset($day)) echo htmlspecialchars($day) ?>" />
<input type="hidden" name="url" value="<?php echo $url ?>" />
-<input type="hidden" name="eventID" value="<?php echo $event->getID() ?>" />
-<input type="hidden" name="calendar" value="<?php echo Util::getFormData('calendar') ?>" />
+<input type="hidden" name="eventID" value="<?php echo htmlspecialchars($event->getId()) ?>" />
+<input type="hidden" name="calendar" value="<?php echo htmlspecialchars($event->getCalendar()) ?>" />
<div class="header">
- <?php echo sprintf(_("Delete %s"), $event->getTitle()) ?>
+ <?php echo sprintf(_("Delete %s"), htmlspecialchars($event->getTitle())) ?>
</div>
<br class="spacer" />
@@ -29,7 +32,7 @@
<input type="submit" class="button" name="current" value="<?php echo _("Current") ?>" />
<input type="submit" class="button" name="future" value="<?php echo _("Future") ?>" />
<input type="submit" class="button" name="all" value="<?php echo _("All") ?>" />
- <a class="button" href="<?php echo $url ?>"><?php echo _("Cancel") ?></a>
+ <a class="button" href="<?php echo htmlspecialchars($url) ?>"><?php echo _("Cancel") ?></a>
</div>
</form>
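Review bot: `$url` is escaped twice on the Cancel link in the client-input case: the new else block applies htmlspecialchars() to it, and the `href` on the last changed line applies it again, so a URL containing `&` is emitted as `&amp;amp;` and the Cancel link breaks; meanwhile the hidden `url` input a few lines above echoes `$url` raw, which in the month.php branch is an unescaped query string. Escaping once at the output points covers both branches: drop the added else block, use `value="<?php echo htmlspecialchars($url) ?>"` for the hidden input and keep `htmlspecialchars($url)` on the href. Separately, htmlspecialchars() only prevents attribute breakout; it does not stop a client-supplied `javascript:` URL in the href or an off-site redirect target, so if `$url` really originates in request data, as the added comment says (the assignment is above this hunk), it should be checked to be a relative or same-application URL before use.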
--- orig/templates/search/search_advanced.inc
+++ mod/templates/search/search_advanced.inc
@@ -51,7 +51,7 @@
foreach ($calendars as $id => $cal) {
$sel = ($id == $event->calendar) ? ' selected="selected"' : '';
echo sprintf('<option value="%s"%s>%s</option>',
- $id, $sel, $cal->get('name')) . "\n";
+ htmlspecialchars($id), $sel, htmlspecialchars($cal->get('name'))) . "\n";
} ?>
</select>
@@ -72,9 +72,9 @@
$categories = $cManager->get();
foreach ($categories as $name) {
- echo '<option value="' . htmlspecialchars($name) . '"';
- echo ($event->category == $name) ? ' selected="selected">' : '>';
- echo htmlspecialchars($name) . '</option>';
+ echo '<option value="' . htmlspecialchars($name) . '"' .
+ (($event->category == $name) ? ' selected="selected">' : '>') .
+ htmlspecialchars($name) . '</option>';
}
?>
</select>
--- orig/templates/view/view.inc
+++ mod/templates/view/view.inc
@@ -33,7 +33,7 @@
<!-- status -->
<tr class="item<?php echo ($i++ % 2) ?>">
<td align="right"><b><?php echo _("Status") ?> </b></td>
- <td align="left"><?php echo empty($status) ? ' ' : $status ?> </td>
+ <td align="left"><?php echo empty($status) ? ' ' : htmlspecialchars($status) ?> </td>
</tr>
<?php if (!empty($owner)): ?>
@@ -156,10 +156,10 @@
</tr>
<?php foreach ($keyword_list as $cat => $list): ?>
<tr class="item<?php echo ($i++ % 2) ?>">
- <td align="right" valign="top"><b><?php echo $cat ?> </b></td>
+ <td align="right" valign="top"><b><?php echo htmlspecialchars($cat) ?> </b></td>
<td align="left">
<?php foreach ($list as $entry): ?>
- <?php echo $entry ?><br />
+ <?php echo htmlspecialchars($entry) ?><br />
<?php endforeach; ?>
</td>
</tr>
@@ -183,7 +183,7 @@
</tr>
<?php foreach ($attendees as $email => $status): ?>
<tr class="item<?php echo ($i++ % 2) ?>">
- <td><?php echo Horde::link($registry->call('mail/compose', array(array('to' => addslashes($email)))), sprintf(_("Send an email to %s"), $email)), $email . '</a>' ?></td>
+ <td><?php echo Horde::link($registry->call('mail/compose', array(array('to' => $email))), sprintf(_("Send an email to %s"), $email)), htmlspecialchars($email) . '</a>' ?></td>
<td><?php echo Kronolith::partToString($status['attendance']) ?></td>
<td><?php echo Kronolith::responseToString($status['response']) ?></td>
</tr>
--- orig/templates/edit/javascript.inc
+++ mod/templates/edit/javascript.inc
@@ -3,7 +3,7 @@
<script language="JavaScript" type="text/javascript">
<!--
-<?php if (!isset($issearch)): ?>
+<?php if (!Util::nonInputVar('issearch')): ?>
function setInterval(field)
{
@@ -82,7 +82,7 @@
day = _get('end[day]').value;
month = _get('end[month]').value - 1;
year = _get('end[year]').value;
-<?php if (!isset($issearch)): ?>
+<?php if (!Util::nonInputVar('issearch')): ?>
} else if (span == 'recur_end_wday') {
spanObj = _get('recur_end_wday');
day = _get('recur_enddate[day]').value;
--- orig/templates/prefs/remote_cal_management.inc
+++ mod/templates/prefs/remote_cal_management.inc
@@ -20,9 +20,9 @@
<?php $cals = unserialize($prefs->getValue('remote_cals')); foreach ($cals as $key => $cal): ?>
<tr>
- <td class="text"><a onclick="deleteCal('<?php echo $cal['url'] ?>'); return false;"><?php echo Horde::img('delete.png', _("Delete"), '', $registry->getImageDir('horde')) ?></a></td>
- <td class="text"><?php echo $cal['name'] ?></td>
- <td class="text"><?php echo $cal['url'] ?></td>
+ <td class="text"><a onclick="deleteCal(decodeURIComponent('<?php echo rawurlencode($cal['url']) ?>')); return false;"><?php echo Horde::img('delete.png', _("Delete"), '', $registry->getImageDir('horde')) ?></a></td>
+ <td class="text"><?php echo htmlspecialchars($cal['name']) ?></td>
+ <td class="text"><?php echo htmlspecialchars($cal['url']) ?></td>
</tr>
<?php endforeach; ?>
--- orig/templates/attendees/attendees.inc
+++ mod/templates/attendees/attendees.inc
@@ -29,8 +29,8 @@
<?php Util::pformInput(); ?>
<input type="hidden" name="actionID" value="" />
<input type="hidden" name="actionValue" value="" />
-<input type="hidden" name="view" value="<?php echo $view ?>" />
-<input type="hidden" name="timestamp" value="<?php echo $timestamp ?>" />
+<input type="hidden" name="view" value="<?php echo htmlspecialchars($view) ?>" />
+<input type="hidden" name="timestamp" value="<?php echo htmlspecialchars($timestamp) ?>" />
<?php $notification->notify(array('status')); ?>
@@ -55,11 +55,11 @@
<tr class="item<?php echo ($i++ % 2) ?>">
<?php
$statustext = sprintf(_("Remove %s"), $email);
- echo "<td>", Horde::link("javascript:performAction('remove', '" . addslashes($email) . "')", $statustext), Horde::img('delete.png', $statustext, null, $registry->getImageDir('horde')), "</a></td>";
+ echo "<td>", Horde::link("javascript:performAction('remove', '" . rawurlencode($email) . "')", $statustext), Horde::img('delete.png', $statustext, null, $registry->getImageDir('horde')), "</a></td>";
?>
<td><?php echo Horde::link($registry->call('mail/compose', array(array('to' => addslashes($email)))), sprintf(_("Send an email to %s"), $email)), htmlspecialchars($email) . '</a>'; ?></td>
<td>
- <select name="<?php echo htmlspecialchars("attendance_$i") ?>" onchange="performAction('changeatt', document.attendeesForm.<?php echo htmlspecialchars("attendance_$i") ?>.value + ' <?php echo addslashes($email) ?>');">
+ <select name="<?php echo "attendance_$i" ?>" onchange="performAction('changeatt', document.attendeesForm.<?php echo "attendance_$i" ?>.value + ' ' + decodeURIComponent('<?php echo rawurlencode($email) ?>'));">
<option value="<?php echo KRONOLITH_PART_REQUIRED ?>"<?php if ($status['attendance'] == KRONOLITH_PART_REQUIRED) echo ' selected="selected"' ?>><?php echo Kronolith::partToString(KRONOLITH_PART_REQUIRED); ?></option>
<option value="<?php echo KRONOLITH_PART_OPTIONAL ?>"<?php if ($status['attendance'] == KRONOLITH_PART_OPTIONAL) echo ' selected="selected"' ?>><?php echo Kronolith::partToString(KRONOLITH_PART_OPTIONAL); ?></option>
<option value="<?php echo KRONOLITH_PART_NONE ?>"<?php if ($status['attendance'] == KRONOLITH_PART_NONE) echo ' selected="selected"' ?>><?php echo Kronolith::partToString(KRONOLITH_PART_NONE); ?></option>
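Review bot: The remove link on the first changed line passes `rawurlencode($email)` straight into performAction('remove', …) with no decodeURIComponent(), whereas the attendance select a few lines down decodes the same encoded value before passing it; unless performAction() or the server side URL-decodes `actionValue` (neither is visible here), the remove action receives `user%40example.com` instead of the address and fails to match the attendee. Making both call sites consistent, `Horde::link("javascript:performAction('remove', decodeURIComponent('" . rawurlencode($email) . "'))", $statustext)`, removes the ambiguity. The mail/compose link on the context line in between still wraps the address in addslashes(), which templates/view/view.inc drops in this same commit; backslash escaping belongs to the JS-literal era and has no place in a URL parameter.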
--- orig/templates/menu.inc
+++ mod/templates/menu.inc
@@ -29,19 +29,19 @@
<?php if (count($my_calendars)): ?>
<option value=""><?php echo _("My Calendars:") ?></option>
<?php foreach ($my_calendars as $id => $cal): ?>
- <option value="<?php echo $id ?>"><?php echo (in_array($id, $display_calendars) ? '+ ' : '– ') . $cal->get('name') ?></option>
+ <option value="<?php echo htmlspecialchars($id) ?>"><?php echo (in_array($id, $display_calendars) ? '+ ' : '– ') . htmlspecialchars($cal->get('name')) ?></option>
<?php endforeach; ?>
<?php endif; ?>
<?php if (count($shared_calendars)): ?>
<option value=""><?php echo _("Shared Calendars:") ?></option>
<?php foreach ($shared_calendars as $id => $cal): ?>
- <option value="<?php echo $id ?>"><?php echo (in_array($id, $display_calendars) ? '+ ' : '– ') . '[' . $cal->get('owner') . '] ' . $cal->get('name') ?></option>
+ <option value="<?php echo htmlspecialchars($id) ?>"><?php echo (in_array($id, $display_calendars) ? '+ ' : '– ') . '[' . $cal->get('owner') . '] ' . htmlspecialchars($cal->get('name')) ?></option>
<?php endforeach; ?>
<?php endif; ?>
<?php if (count($remote_calendars)): ?>
<option value=""><?php echo _("Remote Calendars:") ?></option>
<?php foreach ($remote_calendars as $id => $cal): ?>
- <option value="remote_<?php echo $cal['url'] ?>"><?php echo (in_array($cal['url'], $display_remote_calendars) ? '+ ' : '– ') . $cal['name'] ?></option>
+ <option value="remote_<?php echo htmlspecialchars($cal['url']) ?>"><?php echo (in_array($cal['url'], $display_remote_calendars) ? '+ ' : '– ') . htmlspecialchars($cal['name']) ?></option>
<?php endforeach; ?>
<?php endif; ?>
</select>
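Review bot: The shared-calendar option on the second changed line escapes the calendar name but still concatenates `$cal->get('owner')` raw between the brackets; an owner is a username, which with an external authentication backend can carry `<` or `"` just as easily as a name, and it is the only remaining unescaped share attribute in this select. Use `'[' . htmlspecialchars($cal->get('owner')) . '] '` for consistency with the rest of the hunk.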
--- orig/templates/data/export.inc
+++ mod/templates/data/export.inc
@@ -42,12 +42,12 @@
<?php
$start_month_match = date('n') - 1;
for ($i = 1; $i < 13; $i++):
- $sel = '';
- if ($i == $start_month_match) {
- $sel = ' selected="selected"';
- }
+ $sel = '';
+ if ($i == $start_month_match) {
+ $sel = ' selected="selected"';
+ }
?>
- <option value="<?php echo $i ?>"<?php echo $sel ?>><?php echo strftime('%b', mktime(1,1,1,$i,1)) ?></option>
+ <option value="<?php echo $i ?>"<?php echo $sel ?>><?php echo strftime('%b', mktime(1, 1, 1, $i, 1)) ?></option>
<?php endfor; ?>
</select>
-
@@ -55,10 +55,10 @@
<?php
$start_day_match = date('j');
for ($i = 1; $i < 32; $i++):
- $sel = '';
- if ($i == $start_day_match) {
- $sel = ' selected="selected"';
- }
+ $sel = '';
+ if ($i == $start_day_match) {
+ $sel = ' selected="selected"';
+ }
?>
<option value="<?php echo $i ?>"<?php echo $sel ?>><?php echo $i ?></option>
<?php endfor; ?>
@@ -74,10 +74,10 @@
$start_hour_match = $prefs->getValue('twentyFour') ? 0 : 10;
$hour_min = ($prefs->getValue('twentyFour')) ? 0 : 1;
$hour_max = ($prefs->getValue('twentyFour')) ? 24 : 13;
-for ($i=$hour_min; $i<$hour_max; $i++):
- $sel = '';
- if ($i == $start_hour_match)
- $sel = ' selected="selected"';
+for ($i = $hour_min; $i < $hour_max; $i++):
+ $sel = '';
+ if ($i == $start_hour_match)
+ $sel = ' selected="selected"';
?>
<option value="<?php echo $i ?>"<?php echo $sel ?>><?php echo $i ?></option>
<?php endfor; ?>
@@ -86,11 +86,11 @@
<select name="start_min" onchange="document.getElementById('some').checked = true;">
<?php
$start_min_match = 0;
-for ($i=0; $i<12; $i++):
- $sel = '';
- $min = sprintf('%02d', $i * 5);
- if ($min == $start_min_match)
- $sel = ' selected="selected"';
+for ($i = 0; $i < 12; $i++):
+ $sel = '';
+ $min = sprintf('%02d', $i * 5);
+ if ($min == $start_min_match)
+ $sel = ' selected="selected"';
?>
<option value="<?php echo $min ?>"<?php echo $sel ?>><?php echo $min ?></option>
<?php endfor; ?>
@@ -109,7 +109,7 @@
<td>
<?php
$end_year_match = $start_year_match;
-$end_month_match = $start_month_match +1;
+$end_month_match = $start_month_match + 1;
$end_day_match = $start_day_match;
$end_hour_match = $start_hour_match;
$end_min_match = $start_min_match;
@@ -158,9 +158,9 @@
<select name="end_hour" onchange="document.getElementById('some').checked = true;">
<?php
for ($i = $hour_min; $i < $hour_max; $i++):
- $sel = '';
- if ($i == $end_hour_match)
- $sel = ' selected="selected"';
+ $sel = '';
+ if ($i == $end_hour_match)
+ $sel = ' selected="selected"';
?>
<option value="<?php echo $i ?>"<?php echo $sel ?>><?php echo $i ?></option>
<?php endfor; ?>
--- orig/templates/week/head_side_by_side.inc
+++ mod/templates/week/head_side_by_side.inc
@@ -9,7 +9,7 @@
<?php endif; ?>
<?php foreach ($this->_currentCalendars as $cid => $cal): ?>
<td class="<?php echo ($day->isToday() ? 'selected-control' : 'control') ?>" width="<?php echo floor((90/count($this->days)) / count($this->_currentCalendars)) ?>%" colspan="<?php echo $day->_span[$cid] ?>">
- <strong><?php echo $cal->get('name') . ' ' . Horde::link(Util::addParameter(Horde::selfUrl(), 'display_cal', $cal->getShortName()), sprintf(_("Hide %s"), $cal->get('name'))) . Horde::img('delete-small.png', _("Hide"), '', $GLOBALS['registry']->getImageDir('horde')) . '</a>' ?></strong>
+ <strong><?php echo htmlspecialchars($cal->get('name')) . ' ' . Horde::link(Util::addParameter(Horde::selfUrl(), 'display_cal', $cal->getShortName()), sprintf(_("Hide %s"), $cal->get('name'))) . Horde::img('delete-small.png', _("Hide"), '', $GLOBALS['registry']->getImageDir('horde')) . '</a>' ?></strong>
</td>
<?php endforeach; endforeach; ?>
</tr>
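Review bot: The calendar name is now escaped where it is printed as text, but the same `$cal->get('name')` is still passed raw into `sprintf(_("Hide %s"), ...)` as the title argument of Horde::link() on the same line. Whether Horde::link() escapes its title before writing the attribute is not visible in this hunk; if it does not, the unescaped name reaches a title attribute and the fix is only half applied. Either change it to `sprintf(_("Hide %s"), htmlspecialchars($cal->get('name')))`, or, if Horde::link() is confirmed to escape, add a short comment saying so, because the asymmetry on one line invites the next reader to "fix" it.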
--- orig/lib/FBView.php
+++ mod/lib/FBView.php
@@ -10,7 +10,7 @@
*
* See the enclosed file COPYING for license information.
*
- * $Horde: kronolith/lib/FBView.php,v 1.10.10.4 2005/07/01 01:45:08 selsky Exp $
+ * $Horde: kronolith/lib/FBView.php,v 1.10.10.4.2.1 2005/12/06 00:12:04 jan Exp $
*
* @author Mike Cochrane <mike at graftonhall.co.nz>
* @author Jan Schneider <jan at horde.org>
@@ -98,6 +98,7 @@
$template->set('title', _("Required to attend"));
$template->set('rows', $rows);
$template->set('hours', $hours_html);
+ $template->set('legend', '');
$html .= $template->fetch(KRONOLITH_TEMPLATES . '/fbview/section.tpl');
}
@@ -117,6 +118,7 @@
$template->set('title', _("Optional to attend"));
$template->set('rows', $rows);
$template->set('hours', $hours_html);
+ $template->set('legend', '');
$html .= $template->fetch(KRONOLITH_TEMPLATES . '/fbview/section.tpl');
}
--- orig/lib/version.php
+++ mod/lib/version.php
@@ -1 +1 @@
-<?php define('KRONOLITH_VERSION', 'H3 (2.0.5)') ?>
+<?php define('KRONOLITH_VERSION', 'H3 (2.0.6)') ?>
--- orig/docs/CHANGES
+++ mod/docs/CHANGES
@@ -1,4 +1,11 @@
------
+v2.0.6
+------
+
+[cjh] Close several XSS problems with calendar and event fields.
+
+
+------
v2.0.5
------
--- orig/templates/delete/one.inc
+++ mod/templates/delete/one.inc
@@ -7,15 +7,15 @@
?>
<form action="deleventaction.php" method="post" name="delete">
<?php echo Util::formInput() ?>
-<input type="hidden" name="year" value="<?php if (isset($year)) echo $year ?>" />
-<input type="hidden" name="month" value="<?php if (isset($month)) echo $month ?>" />
-<input type="hidden" name="mday" value="<?php if (isset($day)) echo $day ?>" />
-<input type="hidden" name="url" value="<?php echo $url ?>" />
-<input type="hidden" name="eventID" value="<?php echo $event->getID() ?>" />
-<input type="hidden" name="calendar" value="<?php echo Util::getFormData('calendar') ?>" />
+<input type="hidden" name="year" value="<?php if (isset($year)) echo htmlspecialchars($year) ?>" />
+<input type="hidden" name="month" value="<?php if (isset($month)) echo htmlspecialchars($month) ?>" />
+<input type="hidden" name="mday" value="<?php if (isset($day)) echo htmlspecialchars($day) ?>" />
+<input type="hidden" name="url" value="<?php echo htmlspecialchars($url) ?>" />
+<input type="hidden" name="eventID" value="<?php echo htmlspecialchars($event->getID()) ?>" />
+<input type="hidden" name="calendar" value="<?php echo htmlspecialchars(Util::getFormData('calendar')) ?>" />
<div class="header">
- <?php echo sprintf(_("Delete %s"), $event->getTitle()) ?>
+ <?php printf(_("Delete %s"), htmlspecialchars($event->getTitle())) ?>
</div>
<br class="spacer" />
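Review bot: The new htmlspecialchars() calls on lines 739–747 pass neither a quote mode nor a charset, so they run with ENT_COMPAT and the interpreter's default charset; the double-quoted attributes here are covered, but the escaping is not tied to the charset Horde renders pages in, which NLS::getCharset() exposes. The same bare form is used in the prefs/shareselect.inc hunk and throughout the edit/edit.inc hunks. Use the explicit form on each call, e.g. `htmlspecialchars($url, ENT_QUOTES, NLS::getCharset())`, or route all of them through one small escaping helper so every template escapes the same way.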
@@ -27,7 +27,7 @@
<p><?php echo _("Permanently delete this event?") ?></p>
<input type="submit" class="button" name="delete" value="<?php echo _("Delete") ?>" />
- <a class="button" href="<?php echo $url ?>"><?php echo _("Cancel") ?></a>
+ <a class="button" href="<?php echo htmlspecialchars($url) ?>"><?php echo _("Cancel") ?></a>
</div>
</form>
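Review bot: htmlspecialchars() on `$url` in the href keeps the value inside the attribute, but it does not constrain what the link points to; the hidden `url` field in the previous hunk shows the value round-trips through the form, so if it can originate from request data a `javascript:` URL survives escaping and is followed on click. If `$url` is always built server-side (Horde::selfUrl()/Horde::url()) this is moot, which is not visible from the hunk. Otherwise validate before echoing that it is a relative path or an http(s) URL, and fall back to a known page when it is not.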
--- orig/templates/prefs/shareselect.inc
+++ mod/templates/prefs/shareselect.inc
@@ -10,7 +10,7 @@
<b><?php echo _("Your default calendar") ?></b>
<select name="default_share">
<?php foreach ($sharelist as $id => $share): ?>
- <option value="<?php echo $id ?>"<?php if ($id == $default_share) echo ' selected="selected"' ?>><?php echo $share->get('name') ?></option>
+ <option value="<?php echo htmlspecialchars($id) ?>"<?php if ($id == $default_share) echo ' selected="selected"' ?>><?php echo htmlspecialchars($share->get('name')) ?></option>
<?php endforeach; ?>
</select>
<?php endif; ?>
--- orig/templates/edit/edit.inc
+++ mod/templates/edit/edit.inc
@@ -4,19 +4,19 @@
?>
<form action="<?php echo ($event->isInitialized() ? 'editeventaction.php' : 'addeventaction.php') ?>" method="post" name="event">
<?php Util::pformInput() ?>
-<input type="hidden" name="year" value="<?php if (isset($year)) echo $year ?>" />
-<input type="hidden" name="month" value="<?php if (isset($month)) echo $month ?>" />
-<input type="hidden" name="mday" value="<?php if (isset($day)) echo $day ?>" />
-<input type="hidden" name="timestamp" value="<?php if (isset($timestamp)) echo $timestamp ?>" />
+<input type="hidden" name="year" value="<?php if (isset($year)) echo htmlspecialchars($year) ?>" />
+<input type="hidden" name="month" value="<?php if (isset($month)) echo htmlspecialchars($month) ?>" />
+<input type="hidden" name="mday" value="<?php if (isset($day)) echo htmlspecialchars($day) ?>" />
+<input type="hidden" name="timestamp" value="<?php if (isset($timestamp)) echo htmlspecialchars($timestamp) ?>" />
<input type="hidden" name="new_category" value="" />
<?php if (isset($url)): ?>
-<input type="hidden" name="url" value="<?php echo $url ?>" />
+<input type="hidden" name="url" value="<?php echo htmlspecialchars($url) ?>" />
<?php endif; ?>
<?php if ($event->isInitialized()): ?>
-<input type="hidden" name="eventID" value="<?php echo $event->getID() ?>" />
+<input type="hidden" name="eventID" value="<?php echo htmlspecialchars($event->getID()) ?>" />
<?php endif; ?>
<?php if ($event->isInitialized()): ?>
-<input type="hidden" name="existingcalendar" value="<?php echo $event->getCalendar() ?>" />
+<input type="hidden" name="existingcalendar" value="<?php echo htmlspecialchars($event->getCalendar()) ?>" />
<?php endif; ?>
<table cellspacing="0" cellpadding="4">
@@ -28,8 +28,8 @@
<!-- buttons -->
<tr>
<td align="right" colspan="5">
- <?php echo implode("\n", $buttons); ?>
- <input type="submit" name="cancel" class="button" value="<?php echo _("Cancel") ?>" onclick="self.location = '<?php echo $cancelurl; ?>'; return false;" />
+ <?php echo implode("\n", $buttons) ?>
+ <input type="submit" name="cancel" class="button" value="<?php echo _("Cancel") ?>" onclick="self.location = '<?php echo $cancelurl ?>'; return false;" />
<input type="button" name="resetButton" class="button" value="<?php echo _("Reset to Defaults") ?>" onclick="document.event.reset(); updateWday('start_wday'); updateWday('end_wday');" />
</td>
</tr>
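Review bot: `$cancelurl` on line 803 is echoed raw into a single-quoted JavaScript string inside an onclick attribute, and the hunk only drops the trailing semicolon; the identical line appears again in the @@ -304 hunk of this file. This context needs two layers, because the browser HTML-decodes the attribute before the script runs, so `htmlspecialchars` alone would not stop a quote from terminating the string: escape for JavaScript first (`addslashes` covers quotes and backslashes) and then `htmlspecialchars` the result for the attribute. Whether `$cancelurl` can carry request data is not visible here; the simpler option is to render the cancel control as a plain `<a class="button" href="...">` as delete/one.inc does in this commit, which leaves only HTML-attribute escaping to get right.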
@@ -52,7 +52,7 @@
foreach ($calendars as $id => $cal) {
$sel = ($id == $calendar_id) ? ' selected="selected"' : '';
echo sprintf('<option value="%s"%s>%s</option>',
- $id, $sel, $cal->get('name')) . "\n";
+ htmlspecialchars($id), $sel, htmlspecialchars($cal->get('name'))) . "\n";
} ?>
</select>
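Review bot: `echo sprintf(...)` on lines 810–812 could be `printf(...)`, which is what the delete/one.inc hunk in this same commit switched to, so the two templates would read the same way. Since the new line is the one being rewritten anyway, `printf('<option value="%s"%s>%s</option>' . "\n", htmlspecialchars($id), $sel, htmlspecialchars($cal->get('name')));` keeps the output byte-identical. The enclosing foreach starts inside the hunk but its select element opens before it.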
@@ -88,12 +88,12 @@
</td>
</tr>
-<?php require KRONOLITH_TEMPLATES . '/edit/edit_timespan.inc'; ?>
+<?php require KRONOLITH_TEMPLATES . '/edit/edit_timespan.inc' ?>
<!-- alarm -->
<tr>
<td align="right" class="light" rowspan="2">
- <b><?php $ak = Horde::getAccessKey(_("Alarm")); echo Horde::highlightAccessKey(_("Alarm"), $ak); ?> </b>
+ <b><?php $ak = Horde::getAccessKey(_("Alarm")); echo Horde::highlightAccessKey(_("Alarm"), $ak) ?> </b>
</td>
<td class="item<?php echo(++$_i % 2)?>" align="left" valign="top">
<?php
@@ -280,21 +280,21 @@
<td></td>
<td class="item<?php echo($_i++ % 2) ?>" colspan="4" align="left">
<table cellspacing="2" cellpadding="2">
- <?php include_once KRONOLITH_BASE . '/config/keywords.php'; $count = 0; $_j = $_i; ?>
+ <?php include_once KRONOLITH_BASE . '/config/keywords.php'; $count = 0; $_j = $_i ?>
<?php foreach ($keywords as $cat => $list):
if ($count % 3 == 0): ?>
<tr>
<?php endif; ?>
<td class="item<?php echo($_j++ % 2) ?>" valign="top">
<b><?php echo $cat ?></b><br />
- <?php for ($k = 0; $k < count($list); $k++): ?>
- <input type="checkbox" id="keyword<?php echo $k ?>" name="keywords[]" value="<?php echo htmlspecialchars($list[$k]) ?>"<?php if ($event->hasKeyword($list[$k])) echo ' checked="checked"' ?> />
+ <?php for ($k = 0; $k < count($list); ++$k): ?>
+ <input type="checkbox" id="keyword<?php echo htmlspecialchars($k) ?>" name="keywords[]" value="<?php echo htmlspecialchars($list[$k]) ?>"<?php if ($event->hasKeyword($list[$k])) echo ' checked="checked"' ?> />
<?php echo Horde::label('keyword' . $k, htmlspecialchars($list[$k])) ?><br />
<?php endfor; ?>
</td>
<?php if (($count % 3 == 2) || ($count == count($keywords) - 1)): ?>
</tr>
- <?php endif; $count++; ?>
+ <?php endif; ++$count; ?>
<?php endforeach; ?>
</table>
</td>
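Review bot: `htmlspecialchars($k)` on line 843 escapes an integer loop counter, which cannot contain markup, while `$cat` on line 839 — a key of the same `$keywords` array whose values `$list[$k]` are escaped on the very next lines — is still echoed raw in `<b><?php echo $cat ?></b>`. The keywords file is configuration rather than request data, so the exposure is limited, but escaping the values and not the keys of one array is inconsistent and easy to misread as deliberate. Suggest dropping the escape on `$k` and changing line 839 to `<b><?php echo htmlspecialchars($cat) ?></b>`.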
@@ -304,8 +304,8 @@
<!-- buttons -->
<tr>
<td align="right" colspan="5">
- <?php echo implode("\n", $buttons); ?>
- <input type="submit" name="cancel" class="button" value="<?php echo _("Cancel") ?>" onclick="self.location = '<?php echo $cancelurl; ?>'; return false;" />
+ <?php echo implode("\n", $buttons) ?>
+ <input type="submit" name="cancel" class="button" value="<?php echo _("Cancel") ?>" onclick="self.location = '<?php echo $cancelurl ?>'; return false;" />
<input type="button" name="resetButton" class="button" value="<?php echo _("Reset to Defaults") ?>" onclick="document.event.reset(); updateWday('start_wday'); updateWday('end_wday');" />
</td>
</tr>