Fix security vulnerability in file manager allowing XSS attack

This commit is contained in:
Dane Everitt 2019-06-21 21:04:42 -07:00
parent cd7ec731dc
commit 06ff76e2e9
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
7 changed files with 25 additions and 10 deletions


@ -3,6 +3,17 @@ This file is a running track of new features and fixes to each version of the pa
This project follows [Semantic Versioning](http://semver.org) guidelines.
## v0.7.14 (Derelict Dermodactylus)
### Fixed
* **[SECURITY]** Fixes an XSS vulnerability when performing certain actions in the file manager.
### Changed
* Support for setting a node to listen on ports lower than 1024.
* Regenerated database passwords now respect the same settings that were used when initially created.
* Cleaned up 2FA QR code generation to use a more up-to-date library and API.
* Console charts now properly start at 0 and scale based on server configuration. No more crazy spikes that
are due to a change of one unit.
## v0.7.13 (Derelict Dermodactylus)
### Fixed
* Fixes a bug with the location update API endpoint throwing an error due to an unexected response value.


@ -1,4 +1,4 @@
[![Logo Image](https://cdn.pterodactyl.io/logos/Banner%20Logo%20Black@2x.png)](https://pterodactyl.io)
[![Logo Image](https://cdn.pterodactyl.io/logos/new/pterodactyl_logo.png)](https://pterodactyl.io)
[![Build status](https://img.shields.io/travis/pterodactyl/panel/develop.svg?style=flat-square)](https://travis-ci.org/pterodactyl/panel)
[![StyleCI](https://styleci.io/repos/47508644/shield?branch=develop)](https://styleci.io/repos/47508644)




@ -29,6 +29,10 @@ class ActionsClass {
this.element = undefined;
}
sanitizedString(value) {
return $('<div>').text(value).html();
}
folder(path) {
let inputValue
if (path) {
@ -296,7 +300,7 @@ class ActionsClass {
swal({
type: 'warning',
title: '',
text: 'Are you sure you want to delete <code>' + delName + '</code>?',
text: 'Are you sure you want to delete <code>' + this.sanitizedString(delName) + '</code>?',
html: true,
showCancelButton: true,
showConfirmButton: true,
@ -394,7 +398,7 @@ class ActionsClass {
let formattedItems = "";
let i = 0;
$.each(selectedItems, function(key, value) {
formattedItems += ("<code>" + value + "</code>, ");
formattedItems += ("<code>" + this.sanitizedString(value) + "</code>, ");
i++;
return i < 5;
});
@ -407,7 +411,7 @@ class ActionsClass {
swal({
type: 'warning',
title: '',
text: 'Are you sure you want to delete the following files: ' + formattedItems + '?',
text: 'Are you sure you want to delete the following files: ' + this.sanitizedString(formattedItems) + '?',
html: true,
showCancelButton: true,
showConfirmButton: true,
@ -536,7 +540,7 @@ class ActionsClass {
type: 'error',
title: 'Whoops!',
html: true,
text: error
text: this.sanitizedString(error)
});
});
}
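Review bot: `this.sanitizedString(value)` inside the `$.each(selectedItems, function(key, value) { ... })` callback does not refer to the ActionsClass instance: jQuery invokes that callback with `this` bound to the current element, so `this.sanitizedString` is undefined there and the multi-file delete prompt throws before the dialog is shown. Make the callback an arrow function so `this` is lexical, `$.each(selectedItems, (key, value) => {`, or capture the instance in a local before the loop. Once the values are escaped inside the loop, the second pass `this.sanitizedString(formattedItems)` in the swal `text` should go back to plain `formattedItems`: re-escaping that string turns the intentional `<code>` markup into literal `&lt;code&gt;` text in a dialog rendered with `html: true`. The methods enclosing these hunks start and end outside the hunk, so where `selectedItems` and `delName` come from cannot be confirmed here.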


@ -62,7 +62,7 @@ class ContextMenuClass {
if (Pterodactyl.permissions.createFiles) {
buildMenu += '<li class="divider"></li> \
<li data-action="file"><a href="/server/'+ Pterodactyl.server.uuidShort +'/files/add/?dir=' + newFilePath + '" class="text-muted"><i class="fa fa-fw fa-plus"></i> New File</a></li> \
<li data-action="file"><a href="/server/'+ Pterodactyl.server.uuidShort +'/files/add/?dir=' + $('<div>').text(newFilePath).html() + '" class="text-muted"><i class="fa fa-fw fa-plus"></i> New File</a></li> \
<li data-action="folder"><a tabindex="-1" href="#"><i class="fa fa-fw fa-folder"></i> New Folder</a></li>';
}
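Review bot: Escaping `newFilePath` with `$('<div>').text(...).html()` is the wrong transform for this position: the value is interpolated into the `dir=` query string inside a double-quoted `href` attribute, and innerHTML serialization escapes `<`, `>` and `&` but not `"`, so a directory name containing a double quote can still terminate the attribute and add new ones. A query-string value should be URL-encoded instead, which also covers `&`, `#`, `%` and both quote characters: `'/files/add/?dir=' + encodeURIComponent(newFilePath) + '"'`. This assumes the server-side handler reads `dir` as an ordinary decoded query parameter, which is usual but not visible here; the function containing this hunk starts and ends outside it.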


@ -44,7 +44,7 @@
{!! Theme::js('vendor/lodash/lodash.js') !!}
{!! Theme::js('vendor/siofu/client.min.js') !!}
@if(App::environment('production'))
{!! Theme::js('js/frontend/files/filemanager.min.js?updated-cancel-buttons') !!}
{!! Theme::js('js/frontend/files/filemanager.min.js?hash=cd7ec731dc633e23ec36144929a237d18c07d2f0') !!}
@else
{!! Theme::js('js/frontend/files/src/index.js') !!}
{!! Theme::js('js/frontend/files/src/contextmenu.js') !!}