Fix security vulnerability in file manager allowing XSS attack

2019-06-21 21:04:42 -07:00 · 2019-06-21 21:04:42 -07:00 · 06ff76e2e9
commit 06ff76e2e9
parent cd7ec731dc
7 changed files with 25 additions and 10 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,6 +3,17 @@ This file is a running track of new features and fixes to each version of the pa

 This project follows [Semantic Versioning](http://semver.org) guidelines.

+## v0.7.14 (Derelict Dermodactylus)
+### Fixed
+* **[SECURITY]** Fixes an XSS vulnerability when performing certain actions in the file manager.
+
+### Changed
+* Support for setting a node to listen on ports lower than 1024.
+* Regenerated database passwords now respect the same settings that were used when initially created.
+* Cleaned up 2FA QR code generation to use a more up-to-date library and API.
+* Console charts now properly start at 0 and scale based on server configuration. No more crazy spikes that
+are due to a change of one unit.
+
 ## v0.7.13 (Derelict Dermodactylus)
 ### Fixed
 * Fixes a bug with the location update API endpoint throwing an error due to an unexected response value.
--- a/README.md
+++ b/README.md
@ -1,4 +1,4 @@
-[![Logo Image](https://cdn.pterodactyl.io/logos/Banner%20Logo%20Black@2x.png)](https://pterodactyl.io)
+[![Logo Image](https://cdn.pterodactyl.io/logos/new/pterodactyl_logo.png)](https://pterodactyl.io)

 [![Build status](https://img.shields.io/travis/pterodactyl/panel/develop.svg?style=flat-square)](https://travis-ci.org/pterodactyl/panel)
 [![StyleCI](https://styleci.io/repos/47508644/shield?branch=develop)](https://styleci.io/repos/47508644)
--- a/public/themes/pterodactyl/js/frontend/files/filemanager.min.js
+++ b/public/themes/pterodactyl/js/frontend/files/filemanager.min.js
--- a/public/themes/pterodactyl/js/frontend/files/filemanager.min.js.map
+++ b/public/themes/pterodactyl/js/frontend/files/filemanager.min.js.map
--- a/public/themes/pterodactyl/js/frontend/files/src/actions.js
+++ b/public/themes/pterodactyl/js/frontend/files/src/actions.js
@ -29,6 +29,10 @@ class ActionsClass {
        this.element = undefined;
    }

+    sanitizedString(value) {
+        return $('<div>').text(value).html();
+    }
+
    folder(path) {
        let inputValue
        if (path) {
@ -296,7 +300,7 @@ class ActionsClass {
        swal({
            type: 'warning',
            title: '',
-            text: 'Are you sure you want to delete <code>' + delName + '</code>?',
+            text: 'Are you sure you want to delete <code>' + this.sanitizedString(delName) + '</code>?',
            html: true,
            showCancelButton: true,
            showConfirmButton: true,
@ -394,7 +398,7 @@ class ActionsClass {
            let formattedItems = "";
            let i = 0;
            $.each(selectedItems, function(key, value) {
-                formattedItems += ("<code>" + value + "</code>, ");
+                formattedItems += ("<code>" + this.sanitizedString(value) + "</code>, ");
                i++;
                return i < 5;
            });
@ -407,7 +411,7 @@ class ActionsClass {
            swal({
                type: 'warning',
                title: '',
-                text: 'Are you sure you want to delete the following files: ' + formattedItems + '?',
+                text: 'Are you sure you want to delete the following files: ' + this.sanitizedString(formattedItems) + '?',
                html: true,
                showCancelButton: true,
                showConfirmButton: true,
@ -536,7 +540,7 @@ class ActionsClass {
                type: 'error',
                title: 'Whoops!',
                html: true,
-                text: error
+                text: this.sanitizedString(error)
            });
        });
    }
--- a/public/themes/pterodactyl/js/frontend/files/src/contextmenu.js
+++ b/public/themes/pterodactyl/js/frontend/files/src/contextmenu.js
@ -62,7 +62,7 @@ class ContextMenuClass {

        if (Pterodactyl.permissions.createFiles) {
            buildMenu += '<li class="divider"></li> \
-                          <li data-action="file"><a href="/server/'+ Pterodactyl.server.uuidShort +'/files/add/?dir=' + newFilePath + '" class="text-muted"><i class="fa fa-fw fa-plus"></i> New File</a></li> \
+                          <li data-action="file"><a href="/server/'+ Pterodactyl.server.uuidShort +'/files/add/?dir=' + $('<div>').text(newFilePath).html() + '" class="text-muted"><i class="fa fa-fw fa-plus"></i> New File</a></li> \
                          <li data-action="folder"><a tabindex="-1" href="#"><i class="fa fa-fw fa-folder"></i> New Folder</a></li>';
        }

--- a/resources/themes/pterodactyl/server/files/index.blade.php
+++ b/resources/themes/pterodactyl/server/files/index.blade.php
@ -44,7 +44,7 @@
    {!! Theme::js('vendor/lodash/lodash.js') !!}
    {!! Theme::js('vendor/siofu/client.min.js') !!}
    @if(App::environment('production'))
-        {!! Theme::js('js/frontend/files/filemanager.min.js?updated-cancel-buttons') !!}
+        {!! Theme::js('js/frontend/files/filemanager.min.js?hash=cd7ec731dc633e23ec36144929a237d18c07d2f0') !!}
    @else
        {!! Theme::js('js/frontend/files/src/index.js') !!}
        {!! Theme::js('js/frontend/files/src/contextmenu.js') !!}