Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix security vulnerability in file manager allowing XSS attack

Browse source
This commit is contained in:
Dane Everitt 2019-06-21 21:04:42 -07:00
parent cd7ec731dc
commit 06ff76e2e9
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
7 changed files with 25 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
CHANGELOG.md
View file

@ -3,6 +3,17 @@ This file is a running track of new features and fixes to each version of the pa
This project follows [Semantic Versioning](http://semver.org) guidelines. This project follows [Semantic Versioning](http://semver.org) guidelines.
## v0.7.14 (Derelict Dermodactylus)
### Fixed
* **[SECURITY]** Fixes an XSS vulnerability when performing certain actions in the file manager.
### Changed
* Support for setting a node to listen on ports lower than 1024.
* Regenerated database passwords now respect the same settings that were used when initially created.
* Cleaned up 2FA QR code generation to use a more up-to-date library and API.
* Console charts now properly start at 0 and scale based on server configuration. No more crazy spikes that
are due to a change of one unit.
## v0.7.13 (Derelict Dermodactylus) ## v0.7.13 (Derelict Dermodactylus)
### Fixed ### Fixed
* Fixes a bug with the location update API endpoint throwing an error due to an unexected response value. * Fixes a bug with the location update API endpoint throwing an error due to an unexected response value.

2
README.md
View file

@ -1,4 +1,4 @@
[![Logo Image](https://cdn.pterodactyl.io/logos/Banner%20Logo%20Black@2x.png)](https://pterodactyl.io) [![Logo Image](https://cdn.pterodactyl.io/logos/new/pterodactyl_logo.png)](https://pterodactyl.io)
[![Build status](https://img.shields.io/travis/pterodactyl/panel/develop.svg?style=flat-square)](https://travis-ci.org/pterodactyl/panel) [![Build status](https://img.shields.io/travis/pterodactyl/panel/develop.svg?style=flat-square)](https://travis-ci.org/pterodactyl/panel)
[![StyleCI](https://styleci.io/repos/47508644/shield?branch=develop)](https://styleci.io/repos/47508644) [![StyleCI](https://styleci.io/repos/47508644/shield?branch=develop)](https://styleci.io/repos/47508644)

4
public/themes/pterodactyl/js/frontend/files/filemanager.min.js vendored
View file

File diff suppressed because one or more lines are too long

2
public/themes/pterodactyl/js/frontend/files/filemanager.min.js.map
View file

File diff suppressed because one or more lines are too long

12
public/themes/pterodactyl/js/frontend/files/src/actions.js
View file

@ -29,6 +29,10 @@ class ActionsClass {
this.element = undefined; this.element = undefined;
} }
sanitizedString(value) {
return $('<div>').text(value).html();
}
folder(path) { folder(path) {
let inputValue let inputValue
if (path) { if (path) {
@ -296,7 +300,7 @@ class ActionsClass {
swal({ swal({
type: 'warning', type: 'warning',
title: '', title: '',
text: 'Are you sure you want to delete <code>' + delName + '</code>?', text: 'Are you sure you want to delete <code>' + this.sanitizedString(delName) + '</code>?',
html: true, html: true,
showCancelButton: true, showCancelButton: true,
showConfirmButton: true, showConfirmButton: true,
@ -394,7 +398,7 @@ class ActionsClass {
let formattedItems = ""; let formattedItems = "";
let i = 0; let i = 0;
$.each(selectedItems, function(key, value) { $.each(selectedItems, function(key, value) {
formattedItems += ("<code>" + value + "</code>, "); formattedItems += ("<code>" + this.sanitizedString(value) + "</code>, ");
i++; i++;
return i < 5; return i < 5;
}); });
@ -407,7 +411,7 @@ class ActionsClass {
swal({ swal({
type: 'warning', type: 'warning',
title: '', title: '',
text: 'Are you sure you want to delete the following files: ' + formattedItems + '?', text: 'Are you sure you want to delete the following files: ' + this.sanitizedString(formattedItems) + '?',
html: true, html: true,
showCancelButton: true, showCancelButton: true,
showConfirmButton: true, showConfirmButton: true,
@ -536,7 +540,7 @@ class ActionsClass {
type: 'error', type: 'error',
title: 'Whoops!', title: 'Whoops!',
html: true, html: true,
text: error text: this.sanitizedString(error)
}); });
}); });
} }

2
public/themes/pterodactyl/js/frontend/files/src/contextmenu.js
View file

@ -62,7 +62,7 @@ class ContextMenuClass {
if (Pterodactyl.permissions.createFiles) { if (Pterodactyl.permissions.createFiles) {
buildMenu += '<li class="divider"></li> \ buildMenu += '<li class="divider"></li> \
<li data-action="file"><a href="/server/'+ Pterodactyl.server.uuidShort +'/files/add/?dir=' + newFilePath + '" class="text-muted"><i class="fa fa-fw fa-plus"></i> New File</a></li> \ <li data-action="file"><a href="/server/'+ Pterodactyl.server.uuidShort +'/files/add/?dir=' + $('<div>').text(newFilePath).html() + '" class="text-muted"><i class="fa fa-fw fa-plus"></i> New File</a></li> \
<li data-action="folder"><a tabindex="-1" href="#"><i class="fa fa-fw fa-folder"></i> New Folder</a></li>'; <li data-action="folder"><a tabindex="-1" href="#"><i class="fa fa-fw fa-folder"></i> New Folder</a></li>';
} }

2
resources/themes/pterodactyl/server/files/index.blade.php
View file

@ -44,7 +44,7 @@
{!! Theme::js('vendor/lodash/lodash.js') !!} {!! Theme::js('vendor/lodash/lodash.js') !!}
{!! Theme::js('vendor/siofu/client.min.js') !!} {!! Theme::js('vendor/siofu/client.min.js') !!}
@if(App::environment('production')) @if(App::environment('production'))
{!! Theme::js('js/frontend/files/filemanager.min.js?updated-cancel-buttons') !!} {!! Theme::js('js/frontend/files/filemanager.min.js?hash=cd7ec731dc633e23ec36144929a237d18c07d2f0') !!}
@else @else
{!! Theme::js('js/frontend/files/src/index.js') !!} {!! Theme::js('js/frontend/files/src/index.js') !!}
{!! Theme::js('js/frontend/files/src/contextmenu.js') !!} {!! Theme::js('js/frontend/files/src/contextmenu.js') !!}