Fix multiple XSS (thanks to adsec2s)
This commit is contained in:
parent
fb35d4fff9
commit
84f5bca0a9
@ -697,7 +697,7 @@ function chat_start_for_user(
Thread::KIND_FOR_AGENT,
Thread::KIND_FOR_AGENT,
getlocal(
getlocal(
'Visitor accepted invitation from operator {0}',
'Visitor accepted invitation from operator {0}',
array($operator_name),
array(safe_htmlspecialchars($operator_name)),
get_current_locale(),
get_current_locale(),
true
true
)
)
@ -706,7 +706,7 @@ function chat_start_for_user(
if ($referrer) {
if ($referrer) {
$thread->postMessage(
$thread->postMessage(
Thread::KIND_FOR_AGENT,
Thread::KIND_FOR_AGENT,
getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true)
getlocal('Visitor came from page {0}', array(safe_htmlspecialchars($referrer)), get_current_locale(), true)
);
);
}
}
if ($requested_operator && !$requested_operator_online) {
if ($requested_operator && !$requested_operator_online) {
@ -714,7 +714,7 @@ function chat_start_for_user(
Thread::KIND_INFO,
Thread::KIND_INFO,
getlocal(
getlocal(
'Thank you for contacting us. We are sorry, but requested operator <strong>{0}</strong> is offline. Another operator will be with you shortly.',
'Thank you for contacting us. We are sorry, but requested operator <strong>{0}</strong> is offline. Another operator will be with you shortly.',
array(get_operator_name($requested_operator)),
array(safe_htmlspecialchars(get_operator_name($requested_operator))),
get_current_locale(),
get_current_locale(),
true
true
)
)
@ -731,7 +731,7 @@ function chat_start_for_user(
if ($info) {
if ($info) {
$thread->postMessage(
$thread->postMessage(
Thread::KIND_FOR_AGENT,
Thread::KIND_FOR_AGENT,
getlocal('Info: {0}', array($info), get_current_locale(), true)
getlocal('Info: {0}', array(safe_htmlspecialchars($info)), get_current_locale(), true)
);
);
}
}
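Review bot: The fix depends on a call-site invariant — every placeholder handed to getlocal() when its last argument is `true` must already be HTML-escaped — but nothing in chat_start_for_user records it, so the next message added to this function can reintroduce the same class of bug; the same applies to every other hunk in this commit (ButtonController, RedirectController, ThreadProcessor, the Thread methods, invitation_invite). I would add one comment above the first escaped call in this function, e.g. `// Messages built with getlocal(..., true) are posted as HTML (the templates contain <strong>), so every placeholder value must go through safe_htmlspecialchars() first.` That the trailing `true` selects HTML mode is inferred from the `<strong>` tags in the templates rather than visible here; confirm it against getlocal()'s signature before wording the comment. chat_start_for_user starts and ends outside these hunks.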
@ -50,7 +50,7 @@ class ButtonController extends AbstractController
if ($thread && $thread->state != Thread::STATE_CLOSED) {
if ($thread && $thread->state != Thread::STATE_CLOSED) {
$msg = getlocal(
$msg = getlocal(
"Visitor navigated to {0}",
"Visitor navigated to {0}",
array($referer),
array(safe_htmlspecialchars($referer)),
$thread->locale,
$thread->locale,
true
true
);
);
@ -181,7 +181,7 @@ class RedirectController extends AbstractController
Thread::KIND_EVENTS,
Thread::KIND_EVENTS,
getlocal(
getlocal(
'Operator {0} redirected you to another operator. Please wait a while.',
'Operator {0} redirected you to another operator. Please wait a while.',
array(get_operator_name($this->getOperator())),
array(safe_htmlspecialchars(get_operator_name($this->getOperator()))),
$thread->locale,
$thread->locale,
true
true
)
)
@ -235,7 +235,7 @@ class RedirectController extends AbstractController
Thread::KIND_EVENTS,
Thread::KIND_EVENTS,
getlocal(
getlocal(
'Operator {0} redirected you to another operator. Please wait a while.',
'Operator {0} redirected you to another operator. Please wait a while.',
array(get_operator_name($this->getOperator())),
array(safe_htmlspecialchars(get_operator_name($this->getOperator()))),
$thread->locale,
$thread->locale,
true
true
)
)
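Review bot: The expression `safe_htmlspecialchars(get_operator_name($this->getOperator()))`, together with the identical message template, now appears twice in RedirectController (hunks at lines 181 and 235), so a later edit can easily escape one copy and miss the other. A private helper that returns the escaped name, e.g. `private function getEscapedOperatorName() { return safe_htmlspecialchars(get_operator_name($this->getOperator())); }`, would keep the escaping in one place, with both postMessage calls using its result. Both enclosing methods start and end outside the hunks.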
@ -671,7 +671,7 @@ class ThreadProcessor extends ClientSideProcessor implements
if ($email) {
if ($email) {
$thread->postMessage(
$thread->postMessage(
Thread::KIND_FOR_AGENT,
Thread::KIND_FOR_AGENT,
getlocal('E-Mail: {0}', array($email), get_current_locale(), true)
getlocal('E-Mail: {0}', array(safe_htmlspecialchars($email)), get_current_locale(), true)
);
);
}
}
@ -790,19 +790,19 @@ class ThreadProcessor extends ClientSideProcessor implements
if ($referrer) {
if ($referrer) {
$thread->postMessage(
$thread->postMessage(
Thread::KIND_FOR_AGENT,
Thread::KIND_FOR_AGENT,
getlocal('Visitor came from page {0}', array($referrer), get_current_locale(), true)
getlocal('Visitor came from page {0}', array(safe_htmlspecialchars($referrer)), get_current_locale(), true)
);
);
}
}
if ($email) {
if ($email) {
$thread->postMessage(
$thread->postMessage(
Thread::KIND_FOR_AGENT,
Thread::KIND_FOR_AGENT,
getlocal('E-Mail: {0}', array($email), get_current_locale(), true)
getlocal('E-Mail: {0}', array(safe_htmlspecialchars($email)), get_current_locale(), true)
);
);
}
}
if ($info) {
if ($info) {
$thread->postMessage(
$thread->postMessage(
Thread::KIND_FOR_AGENT,
Thread::KIND_FOR_AGENT,
getlocal('Info: {0}', array($info), get_current_locale(), true)
getlocal('Info: {0}', array(safe_htmlspecialchars($info)), get_current_locale(), true)
);
);
}
}
$thread->postMessage(Thread::KIND_USER, $message, array('name' => $name));
$thread->postMessage(Thread::KIND_USER, $message, array('name' => $name));
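Review bot: In the hunk at line 790, the line `$thread->postMessage(Thread::KIND_USER, $message, array('name' => $name));` immediately after the three newly escaped messages still passes `$message` and `$name` through raw, and nothing in the hunk says why. Presumably KIND_USER messages are escaped when rendered rather than when posted (they do not go through getlocal() with the HTML flag), but that is inferred, not visible here; a comment such as `// $message and $name are posted raw: KIND_USER text is escaped at render time — confirm before relying on this` would stop a reader from treating the line as a missed case, or from adding a second escaping that double-encodes. The enclosing method starts and ends outside the hunk.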
@ -758,14 +758,14 @@ class Thread
if ($this->nextAgent == $operator['operatorid']) {
if ($this->nextAgent == $operator['operatorid']) {
$message_to_post = getlocal(
$message_to_post = getlocal(
"Operator <strong>{0}</strong> changed operator <strong>{1}</strong>",
"Operator <strong>{0}</strong> changed operator <strong>{1}</strong>",
array($operator_name, $this->agentName),
array(safe_htmlspecialchars($operator_name), safe_htmlspecialchars($this->agentName)),
$this->locale,
$this->locale,
true
true
);
);
} else {
} else {
$message_to_post = getlocal(
$message_to_post = getlocal(
"Operator {0} is back",
"Operator {0} is back",
array($operator_name),
array(safe_htmlspecialchars($operator_name)),
$this->locale,
$this->locale,
true
true
);
);
@ -926,7 +926,7 @@ class Thread
self::KIND_EVENTS,
self::KIND_EVENTS,
getlocal(
getlocal(
"Visitor {0} left the chat",
"Visitor {0} left the chat",
array($this->userName),
array(safe_htmlspecialchars($this->userName)),
$this->locale,
$this->locale,
true
true
)
)
@ -947,7 +947,7 @@ class Thread
self::KIND_EVENTS,
self::KIND_EVENTS,
getlocal(
getlocal(
"Operator {0} left the chat",
"Operator {0} left the chat",
array($this->agentName),
array(safe_htmlspecialchars($this->agentName)),
$this->locale,
$this->locale,
true
true
)
)
@ -1025,21 +1025,21 @@ class Thread
if ($is_operator_changed) {
if ($is_operator_changed) {
$message = getlocal(
$message = getlocal(
"Operator <strong>{0}</strong> changed operator <strong>{1}</strong>",
"Operator <strong>{0}</strong> changed operator <strong>{1}</strong>",
array($operator_name, $this->agentName),
array(safe_htmlspecialchars($operator_name), safe_htmlspecialchars($this->agentName)),
$this->locale,
$this->locale,
true
true
);
);
} elseif ($is_operator_joined) {
} elseif ($is_operator_joined) {
$message = getlocal(
$message = getlocal(
"Operator {0} joined the chat",
"Operator {0} joined the chat",
array($operator_name),
array(safe_htmlspecialchars($operator_name)),
$this->locale,
$this->locale,
true
true
);
);
} elseif ($is_operator_back) {
} elseif ($is_operator_back) {
$message = getlocal(
$message = getlocal(
"Operator {0} is back",
"Operator {0} is back",
array($operator_name),
array(safe_htmlspecialchars($operator_name)),
$this->locale,
$this->locale,
true
true
);
);
@ -1083,7 +1083,7 @@ class Thread
// Send message about renaming
// Send message about renaming
$message = getlocal(
$message = getlocal(
"The visitor changed their name <strong>{0}</strong> to <strong>{1}</strong>",
"The visitor changed their name <strong>{0}</strong> to <strong>{1}</strong>",
array($old_name, $new_name),
array(safe_htmlspecialchars($old_name), safe_htmlspecialchars($new_name)),
$this->locale,
$this->locale,
true
true
);
);
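Review bot: In the hunk at line 1025 the same `safe_htmlspecialchars($operator_name)` is repeated in all three branches of the if/elseif chain (and twice more in the hunk at line 758), which is exactly the shape that lets one branch be missed the next time a message is added. Computing it once before the chain, `$safe_operator_name = safe_htmlspecialchars($operator_name);`, and passing that variable to each getlocal() call keeps a single escaping point per method; a separate variable rather than reassigning `$operator_name` avoids changing any later use of the raw value outside the hunk. The hunk at line 1083 has the same shape with `$old_name` and `$new_name`. The enclosing methods start and end outside these hunks.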
@ -125,7 +125,7 @@ function invitation_invite($visitor_id, $operator)
Thread::KIND_FOR_AGENT,
Thread::KIND_FOR_AGENT,
getlocal(
getlocal(
'Operator {0} invites visitor at {1} page',
'Operator {0} invites visitor at {1} page',
array($operator_name, $last_visited_page),
array(safe_htmlspecialchars($operator_name), safe_htmlspecialchars($last_visited_page)),
get_current_locale(),
get_current_locale(),
true
true
)
)