Security fixes XSS in oxidized-cfg-check.inc.php and print-customoid.php (#14126)

enferas · web-flow · commit e5c91a0f835d · 2022-07-20T12:45:42.000-05:00
Signed-off-by: AL-KASSAR &lt;feras.al-kassar@sap.com&gt;
diff --git a/includes/html/pages/tools/oxidized-cfg-check.inc.php b/includes/html/pages/tools/oxidized-cfg-check.inc.php
@@ -8,6 +8,7 @@
         $oxidized_cfg = Yaml::parse($_POST['config']);
         $validate_cfg = validate_oxidized_cfg($oxidized_cfg);
         foreach ($validate_cfg as $error) {
+            $error = htmlspecialchars($error);
             echo "<div class='alert alert-danger'>$error</div>";
         }
         if (empty($validate_cfg)) {
diff --git a/includes/html/print-customoid.php b/includes/html/print-customoid.php
@@ -74,7 +74,7 @@
 
 $count = dbFetchCell("SELECT COUNT(*) $query $where", $param);
 if (isset($_POST['page_num']) && $_POST['page_num'] > 0 && $_POST['page_num'] <= $count) {
-    $page_num = $_POST['page_num'];
+    $page_num = intval($_POST['page_num']);
 } else {
     $page_num = 1;
 }

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`$oxidized_cfg = Yaml::parse($_POST['config']);`
`9`	`9`	`$validate_cfg = validate_oxidized_cfg($oxidized_cfg);`
`10`	`10`	`foreach ($validate_cfg as $error) {`
	`11`	`+ $error = htmlspecialchars($error);`
`11`	`12`	`echo "<div class='alert alert-danger'>$error</div>";`
`12`	`13`	`}`
`13`	`14`	`if (empty($validate_cfg)) {`
Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@`
`74`	`74`
`75`	`75`	`$count = dbFetchCell("SELECT COUNT(*) $query $where", $param);`
`76`	`76`	`if (isset($_POST['page_num']) && $_POST['page_num'] > 0 && $_POST['page_num'] <= $count) {`
`77`		`- $page_num = $_POST['page_num'];`
	`77`	`+ $page_num = intval($_POST['page_num']);`
`78`	`78`	`} else {`
`79`	`79`	`$page_num = 1;`
`80`	`80`	`}`