Patch by hanno boeck

diff --git a/docs/NEWS b/docs/NEWS
index 968f92a4892b67d43b913ad1063813d695fb6897..dc4d3c556a8300744206cf76eb5eef9f53548141 100644 (file)
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -3,6 +3,9 @@
 Version 1.3.1 ()
 ------------------------------------------------------------------------
  
+    * Add XSS security checks for installer, even though very
+      hypothetical application :) (Hanno Böck)
+
     * Add {serendipity_getImageSize} smarty function (judebert)
      
     * Add escaping to "Top Referrers" plugin and honor local configuration

diff --git a/include/db/mysql.inc.php b/include/db/mysql.inc.php
index a5cf518730962c64858c5969957e3239afe6de20..ec0b8e62edfb7e653a78780fd9f30c37d2473545 100644 (file)
--- a/include/db/mysql.inc.php
+++ b/include/db/mysql.inc.php
@@ -96,13 +96,13 @@ function &serendipity_db_query($sql, $single = false, $result_type = "both", $re
     }
 
     if (!$expectError && mysql_error($serendipity['dbConn']) != '') {
-        $msg = '<pre>' . $sql . '</pre> / ' . mysql_error($serendipity['dbConn']);
+        $msg = '<pre>' . $sql . '</pre> / ' . htmlspecialchars(mysql_error($serendipity['dbConn']));
         return $msg;
     }
 
     if (!$c) {
         if (!$expectError && !$serendipity['production']) {
-            print '<pre>' . $sql . '</pre> / ' . mysql_error($serendipity['dbConn']);
+            print '<pre>' . $sql . '</pre> / ' . htmlspecialchars(mysql_error($serendipity['dbConn']));
             if (function_exists('debug_backtrace') && $reportErr == true) {
                 highlight_string(var_export(debug_backtrace(), 1));
             }
@@ -340,7 +340,7 @@ function serendipity_db_probe($hash, &$errs) {
 
     if (!($c = @mysql_connect($hash['dbHost'], $hash['dbUser'], $hash['dbPass']))) {
         $errs[] = 'Could not connect to database; check your settings.';
-        $errs[] = 'The mySQL error was: ' . mysql_error();
+        $errs[] = 'The mySQL error was: ' . htmlspecialchars(mysql_error());
         return false;
     }
 
@@ -348,7 +348,7 @@ function serendipity_db_probe($hash, &$errs) {
 
     if (!@mysql_select_db($hash['dbName'])) {
         $errs[] = 'The database you specified does not exist.';
-        $errs[] = 'The mySQL error was: ' . mysql_error();
+        $errs[] = 'The mySQL error was: ' . htmlspecialchars(mysql_error());
         return false;
     }
 

diff --git a/include/db/mysqli.inc.php b/include/db/mysqli.inc.php
index 3e4f60e7013c2dc959f390ceda47461d4081ee8a..49d7e0ce67622f03c06a958040878020ca9426b1 100644 (file)
--- a/include/db/mysqli.inc.php
+++ b/include/db/mysqli.inc.php
@@ -319,7 +319,7 @@ function serendipity_db_probe($hash, &$errs) {
 
     if (!$c) {
         $errs[] = 'Could not connect to database; check your settings.';
-        $errs[] = 'The mySQL error was: ' . mysqli_connect_error();
+        $errs[] = 'The mySQL error was: ' . htmlspecialchars(mysqli_connect_error());
         return false;
     }
 
@@ -327,7 +327,7 @@ function serendipity_db_probe($hash, &$errs) {
 
     if ( !@mysqli_select_db($c, $hash['dbName']) ) {
         $errs[] = 'The database you specified does not exist.';
-        $errs[] = 'The mySQL error was: ' . mysqli_error($c);
+        $errs[] = 'The mySQL error was: ' . htmlspecialchars(mysqli_error($c));
         return false;
     }
 

diff --git a/include/functions_installer.inc.php b/include/functions_installer.inc.php
index 669606f2ca10901344d383b475fe3239ddaa5f9b..0edeb64550c91c431f4b2f81ae96736d4eb2c301 100644 (file)
--- a/include/functions_installer.inc.php
+++ b/include/functions_installer.inc.php
@@ -692,35 +692,35 @@ function serendipity_checkInstallation() {
 
     // Check dirs
     if (!is_dir($_POST['serendipityPath'])) {
-        $errs[] = sprintf(DIRECTORY_NON_EXISTANT, $_POST['serendipityPath']);
+        $errs[] = sprintf(DIRECTORY_NON_EXISTANT, htmlspecialchars($_POST['serendipityPath']));
     }
     /* This test has already been passed on the diagnosis page.  Besides
        it's a partially bogus test.
     elseif (!is_writable($_POST['serendipityPath']) ) {
-        $errs[] = sprintf(DIRECTORY_WRITE_ERROR, $_POST['serendipityPath']);
+        $errs[] = sprintf(DIRECTORY_WRITE_ERROR, htmlspecialchars($_POST['serendipityPath']));
     }*/
     elseif (!is_dir($_POST['serendipityPath'] . $_POST['uploadPath'] ) && @mkdir($_POST['serendipityPath'] . $_POST['uploadPath'], $umask) !== true) {
-        $errs[] = sprintf(DIRECTORY_CREATE_ERROR, $_POST['serendipityPath'] . $_POST['uploadPath']);
+        $errs[] = sprintf(DIRECTORY_CREATE_ERROR, htmlspecialchars($_POST['serendipityPath']) . htmlspecialchars($_POST['uploadPath']));
     }
     elseif (!is_writable($_POST['serendipityPath'] . $_POST['uploadPath'])) {
-        $errs[] = sprintf(DIRECTORY_WRITE_ERROR, $_POST['serendipityPath'] . $_POST['uploadPath']);
-        $errs[] = sprintf(DIRECTORY_RUN_CMD    , 'chmod go+rws', $_POST['serendipityPath'] . $_POST['uploadPath']);
+        $errs[] = sprintf(DIRECTORY_WRITE_ERROR, htmlspecialchars($_POST['serendipityPath']) . htmlspecialchars($_POST['uploadPath']));
+        $errs[] = sprintf(DIRECTORY_RUN_CMD    , 'chmod go+rws', htmlspecialchars($_POST['serendipityPath']) . htmlspecialchars($_POST['uploadPath']));
     }
 
     // Attempt to create the template compile directory, it might already be there, but we just want to be sure
     if (!is_dir($_POST['serendipityPath'] . PATH_SMARTY_COMPILE) && @mkdir($_POST['serendipityPath'] . PATH_SMARTY_COMPILE, $umask) !== true) {
-        $errs[] = sprintf(DIRECTORY_CREATE_ERROR, $_POST['serendipityPath'] . PATH_SMARTY_COMPILE);
-        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'mkdir'      , $_POST['serendipityPath'] . PATH_SMARTY_COMPILE);
-        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'chmod go+rwx', $_POST['serendipityPath'] . PATH_SMARTY_COMPILE);
+        $errs[] = sprintf(DIRECTORY_CREATE_ERROR, htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
+        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'mkdir'      , htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
+        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'chmod go+rwx', htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
     } elseif (is_dir($_POST['serendipityPath'] . PATH_SMARTY_COMPILE) && !is_writeable($_POST['serendipityPath'] . PATH_SMARTY_COMPILE) && @chmod($_POST['serendipityPath'] . PATH_SMARTY_COMPILE, $umask) !== true) {
-        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'chmod go+rwx', $_POST['serendipityPath'] . PATH_SMARTY_COMPILE);
+        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'chmod go+rwx', htmlspecialchars($_POST['serendipityPath']) . PATH_SMARTY_COMPILE);
     }
 
     // Attempt to create the archives directory
     if (!is_dir($_POST['serendipityPath'] . PATH_ARCHIVES) && @mkdir($_POST['serendipityPath'] . PATH_ARCHIVES, $umask) !== true) {
-        $errs[] = sprintf(DIRECTORY_CREATE_ERROR, $_POST['serendipityPath'] . PATH_ARCHIVES);
-        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'mkdir'      , $_POST['serendipityPath'] . PATH_ARCHIVES);
-        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'chmod go+rwx', $_POST['serendipityPath'] . PATH_ARCHIVES);
+        $errs[] = sprintf(DIRECTORY_CREATE_ERROR, htmlspecialchars($_POST['serendipityPath']) . PATH_ARCHIVES);
+        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'mkdir'      , htmlspecialchars($_POST['serendipityPath']) . PATH_ARCHIVES);
+        $errs[] = sprintf(DIRECTORY_RUN_CMD     , 'chmod go+rwx', htmlspecialchars($_POST['serendipityPath']) . PATH_ARCHIVES);
     }
 
     // Check imagick