Commit 5abf08ff authored by Chenu Denis's avatar Chenu Denis

Fixed issue #12234: [security] XSS in upload files

parent bfded0fb
......@@ -56,7 +56,7 @@ function openUploadModalDialog(){
});
});
}
$(window).resize(function() {
$(window).resize(function() {
setWidthUploader();
if(typeof $("iframe#uploader")[0]!=="undefined" && jQuery.isFunction($("iframe#uploader")[0].contentWindow.fixParentHeigth))
$("iframe#uploader")[0].contentWindow.fixParentHeigth();
......@@ -64,7 +64,7 @@ $(window).resize(function() {
/* Reset the position of the dialog (recenter) */
function resetUploaderPosition(){
$( "#uploader" ).dialog( "option", "position", $( "#uploader" ).dialog( "option", "position" ) );
}
/* Set the with of upload madal and uploader frame according to windows width */
function setWidthUploader(){
......@@ -133,10 +133,10 @@ function displayUploadedFiles(jsonstring, filecount, fieldname, show_title, show
display += '<tr><td class="upload placeholder"><div class="upload-placeholder" /></td>';
if (show_title != 0)
display += '<td class="upload title">'+jsonobj[i].title+'</td>';
if (show_comment != 0)
display += '<td class="upload comment">'+jsonobj[i].comment+'</td>';
display +='<td class="upload edit">'+decodeURIComponent(jsonobj[i].name)+'</td><td>'+'<a class="upload-edit" onclick="javascript:upload_'+fieldname+'();$(\'#upload_'+fieldname+'\').click();">'+uploadLang.editFile+'</a></td></tr>';
display += '<td class="upload title">'+htmlspecialchars(jsonobj[i].title)+'</td>';
if (show_comment != 0)
display += '<td class="upload comment">'+htmlspecialchars(jsonobj[i].comment)+'</td>';
display +='<td class="upload edit">'+htmlspecialchars(decodeURIComponent(jsonobj[i].name))+'</td><td>'+'<a class="upload-edit" onclick="javascript:upload_'+fieldname+'();$(\'#upload_'+fieldname+'\').click();">'+uploadLang.editFile+'</a></td></tr>';
}
display += '</tbody></table>';
......
......@@ -40,9 +40,9 @@ function doFileUpload(){
previewblock += "<img src='"+uploadurl+"/filegetcontents/"+json[i-1].filename+"' onload='fixParentHeigth()' class='uploaded' />";
else
previewblock += "<div class='upload-placeholder' />";
previewblock += "<span class='file-name'>"+decodeURIComponent(json[i-1].name)+"</span>";
previewblock += "<span class='file-name'>"+escapeHtml(decodeURIComponent(json[i-1].name))+"</span>";
previewblock += "</div>";
if ($('#'+fieldname+'_show_title').val() == 1 || $('#'+fieldname+'_show_comment').val() == 1)
{
previewblock +="<div class='file-info'><fieldset>";
......@@ -166,7 +166,7 @@ function doFileUpload(){
previewblock += "<img src='"+uploadurl+"/filegetcontents/"+decodeURIComponent(metadata.filename)+"' onload='fixParentHeigth()' class='uploaded' />";
else
previewblock += "<div class='upload-placeholder' />";
previewblock += "<span class='file-name'>"+decodeURIComponent(metadata.name)+"<span>";
previewblock += "<span class='file-name'>"+escapeHtml(decodeURIComponent(metadata.name))+"<span>";
previewblock += "</div>";
if ($('#'+fieldname+'_show_title').val() == 1 || $('#'+fieldname+'_show_comment').val() == 1)
......@@ -215,7 +215,7 @@ function doFileUpload(){
$('#notice').html('<p class="error">'+metadata.msg+'</p>');
fixParentHeigth();
}
}
});
......@@ -293,13 +293,13 @@ function deletefile(fieldname, count) {
var filecount = parseInt($('#'+fieldname+'_filecount').val());
var licount = parseInt($('#'+fieldname+'_licount').val());
$.ajax(
{
method: "POST",
url: uploadurl,
data: {
'delete': 1,
data: {
'delete': 1,
'fieldname': fieldname,
'filename' : filename,
'name' : name,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment