From 13e5ac59a6404a47354fe71817251fae365a692b Mon Sep 17 00:00:00 2001
From: Evgeny Gryaznov
Date: Wed, 16 Feb 2011 02:17:30 +0100
Subject: [PATCH] fix XSS problem in leavemessage
---
 src/messenger/webim/libs/chat.php | 2 +-
 .../styles/default/templates/leavemessage.tpl | 2 +-
 .../original/templates/leavemessage.tpl | 2 +-
 .../simplicity/templates/leavemessage.tpl | 182 +++++++++---------
 4 files changed, 94 insertions(+), 94 deletions(-)
diff --git a/src/messenger/webim/libs/chat.php b/src/messenger/webim/libs/chat.php
index 95fa28bf..12265da8 100644
--- a/src/messenger/webim/libs/chat.php
+++ b/src/messenger/webim/libs/chat.php
@@ -288,7 +288,7 @@ function setup_leavemessage($name, $email, $message, $groupid, $groupname, $info
 $page['showcaptcha'] = $settings["enablecaptcha"] == "1" && $canshowcaptcha ? "1" : "";
 $page['formgroupid'] = $groupid;
 $page['formgroupname'] = $groupname;
- $page['info'] = topage($info);
+ $page['forminfo'] = topage($info);
 $page['referrer'] = urlencode(topage($referrer));
 }
diff --git a/src/messenger/webim/styles/default/templates/leavemessage.tpl b/src/messenger/webim/styles/default/templates/leavemessage.tpl
index 119cf7b8..ebe482e3 100644
--- a/src/messenger/webim/styles/default/templates/leavemessage.tpl
+++ b/src/messenger/webim/styles/default/templates/leavemessage.tpl
@@ -43,7 +43,7 @@
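Review bot: In the chat.php hunk, nothing on the renamed `$page['forminfo']` line explains why the key prefix matters, so the XSS fix is invisible at the point where the untrusted `$info` enters the page array. `topage($info)` is stored exactly as before. The escaping presumably happens only when a template reads the value through the `form:` accessor (as `${form:groupname}` does elsewhere on this page), but the template lines are not legible here, so confirm this. I would add a comment above the assignment such as `// kept under a form* key so templates output it via ${form:info}, which HTML-escapes; do not render $info through an unescaped placeholder`. Any style not among the three touched by this commit that still reads the old `info` key will now render an empty value, so check for other copies of leavemessage.tpl. setup_leavemessage begins outside the hunk.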
- + ${if:formgroupid}${endif:formgroupid} diff --git a/src/messenger/webim/styles/original/templates/leavemessage.tpl b/src/messenger/webim/styles/original/templates/leavemessage.tpl index cee0ec1a..28c6f90a 100644 --- a/src/messenger/webim/styles/original/templates/leavemessage.tpl +++ b/src/messenger/webim/styles/original/templates/leavemessage.tpl @@ -28,7 +28,7 @@ - + ${if:formgroupid}${endif:formgroupid}
diff --git a/src/messenger/webim/styles/simplicity/templates/leavemessage.tpl b/src/messenger/webim/styles/simplicity/templates/leavemessage.tpl index e3c692a7..dfd58110 100644 --- a/src/messenger/webim/styles/simplicity/templates/leavemessage.tpl +++ b/src/messenger/webim/styles/simplicity/templates/leavemessage.tpl @@ -1,91 +1,91 @@ - - - -${msg:leavemessage.title} - - - - -
- - - - - ${if:formgroupid}${endif:formgroupid} -
- - - - - - - - - - -
-

${if:formgroupname}${form:groupname}: ${endif:formgroupname}${msg:leavemessage.title}

-
- - - - - ${if:errors} - - - - ${endif:errors} - - - - - - - - - - - - -${if:showcaptcha} - - - - -${endif:showcaptcha} -
- ${msg:leavemessage.descr} -
- - - - - -
${errors}
-
${msg:form.field.email}:
${msg:form.field.name}:
${msg:form.field.message}:
-
- - - - - -
${msg:leavemessage.perform}${msg:leavemessage.perform}
-
- - - - - -
${msg:page.chat.old_browser.close}${msg:page.chat.old_browser.close}
-
-
- - - - - - - - + + + +${msg:leavemessage.title} + + + + +
+
+ + + + ${if:formgroupid}${endif:formgroupid} + + + + + + + + + + + +
+

${if:formgroupname}${form:groupname}: ${endif:formgroupname}${msg:leavemessage.title}

+
+ + + + + ${if:errors} + + + + ${endif:errors} + + + + + + + + + + + + +${if:showcaptcha} + + + + +${endif:showcaptcha} +
+ ${msg:leavemessage.descr} +
+ + + + + +
${errors}
+
${msg:form.field.email}:
${msg:form.field.name}:
${msg:form.field.message}:
+
+ + + + + +
${msg:leavemessage.perform}${msg:leavemessage.perform}
+
+ + + + + +
${msg:page.chat.old_browser.close}${msg:page.chat.old_browser.close}
+
+
+ + + + + +
+ +
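Review bot: All 91 lines of the simplicity template are removed and re-added, while the default and original templates change one line each for the same fix, so the security-relevant edit in this file cannot be picked out by eye. This looks like a line-ending or whitespace normalisation riding along with the XSS fix, though that is inferred from the diffstat and not confirmed. I would move the normalisation into its own commit. Failing that, check with a whitespace-insensitive diff that only the info field's placeholder changed, so the fix can be audited and cleanly backported.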