Fix self-XSS when downloading a file

Reported by: Rushikesh Kaware
[build]
This commit is contained in:
Ilia Ross
2024-01-20 12:36:11 +02:00
parent 70a15314c0
commit a6f5e593b0


@@ -22,7 +22,7 @@ foreach $u (@urls) {
$host = $1; $page = $3;
}
else {
&error(&text('download_eurl', $u));
&error(&text('download_eurl', &html_escape($u)));
}
if ($host =~ /^([^:\@]+):([^:\@]+)\@(\S+)/) {
$user = $1;
@@ -41,13 +41,14 @@ foreach $u (@urls) {
}
$in{'dir'} || &error($text{'upload_edir'});
&can_write_file($in{'dir'}) ||
&error(&text('download_eaccess', "<tt>$in{'dir'}</tt>", $!));
&error(&text('download_eaccess',
"<tt>".&html_escape($in{'dir'})."</tt> : " . $!));
$download{'dir'} = $in{'dir'};
if ($can_mode != 3) {
# User can be entered
scalar(@uinfo = getpwnam($in{'user'})) || &error($text{'upload_euser'});
&can_as_user($in{'user'}) ||
&error(&text('download_eucannot', $in{'user'}));
&error(&text('download_eucannot', &html_escape($in{'user'})));
$download{'uid'} = $uinfo[2];
$in{'group_def'} || scalar(@ginfo = getgrnam($in{'group'})) ||
&error($text{'upload_egroup'});
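Review bot: The rewritten `download_eaccess` call drops `$!` as a separate `&text()` argument and concatenates it into the first placeholder instead; if the message template in the language file still contains `$2`, that placeholder will now be left unsubstituted (or, if the translation already has its own separator, the errno text will be doubled). It would be safer to keep the two-argument shape and only escape the untrusted part: `&error(&text('download_eaccess', "<tt>".&html_escape($in{'dir'})."</tt>", $!));`. Note also that `&can_write_file()` is a policy check whose failure may not set `$!` at all, so the errno text could be stale from an earlier call — worth confirming against that helper, and if it is relevant, capturing it first with `my $err = $!;` before `&html_escape()` runs. The other escapes in this hunk (`$in{'user'}` on the `download_eucannot` line) look correct; the `upload_euser`/`upload_egroup` messages carry no user input and need no change. The enclosing `foreach $u (@urls)` loop starts and ends outside this hunk.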
@@ -149,7 +150,7 @@ else {
}
}
if ($error) {
print "<p><b>",&text('download_failed', $error),"</b><p>\n";
print "<p><b>",&text('download_failed', &html_escape($error)),"</b><p>\n";
}
&ui_print_footer("index.cgi?mode=download", $text{'index_return'});