From 80ab898c7e15bab083a59141d5e69b1eb4d9d98a Mon Sep 17 00:00:00 2001 From: Julio Cesar Laura Date: Thu, 28 Mar 2013 13:29:50 -0400 Subject: [PATCH] BUG 11072 XSS vulnerability SOLVED - In the warning message the data sent are not correctly sanitized - Sanitize the data before send the message --- workflow/engine/methods/login/retrivePassword.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/workflow/engine/methods/login/retrivePassword.php b/workflow/engine/methods/login/retrivePassword.php index 05f450990..217107c93 100755 --- a/workflow/engine/methods/login/retrivePassword.php +++ b/workflow/engine/methods/login/retrivePassword.php @@ -55,10 +55,10 @@ if ($userData['USR_EMAIL'] != '' && $userData['USR_EMAIL'] === $data['USR_EMAIL' G::LoadClass('spool'); $oSpool = new spoolRun(); - if ($aSetup['MESS_RAUTH'] == false || (is_string($aSetup['MESS_RAUTH']) && $aSetup['MESS_RAUTH'] == 'false')) { - $aSetup['MESS_RAUTH'] = 0; - } else { - $aSetup['MESS_RAUTH'] = 1; + if ($aSetup['MESS_RAUTH'] == false || (is_string($aSetup['MESS_RAUTH']) && $aSetup['MESS_RAUTH'] == 'false')) { + $aSetup['MESS_RAUTH'] = 0; + } else { + $aSetup['MESS_RAUTH'] = 1; } $oSpool->setConfig( array( 'MESS_ENGINE' => $aSetup['MESS_ENGINE'], @@ -115,7 +115,7 @@ if ($userData['USR_EMAIL'] != '' && $userData['USR_EMAIL'] === $data['USR_EMAIL' G::SendTemporalMessage ($e->getMessage(), "warning", 'string'); } } else { - $msg = G::LoadTranslation('ID_USER') . ' ' . $data['USR_USERNAME'] . ' '. G::LoadTranslation('ID_IS_NOT_REGISTERED'); + $msg = G::LoadTranslation('ID_USER') . ' ' . htmlentities($data['USR_USERNAME'], ENT_QUOTES, 'UTF-8') . ' '. G::LoadTranslation('ID_IS_NOT_REGISTERED'); G::SendTemporalMessage ($msg, "warning", 'string'); G::header('location: forgotPassword'); }