
Commit 4210d5e

ZallaxDevfwolf-ilias
authored andcommitted
Survey: Stored XSS with TinyMCE
Signed-off-by: Releasemanager <webmaster@ilias.de>
1 parent dbe23c6 commit 4210d5e

3 files changed

Lines changed: 26 additions & 11 deletions


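--- a/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php
+++ b/components/ILIAS/Survey/Editing/class.ilSurveyEditorGUI.php
@@ -1027,14 +1027,13 @@ public function saveHeadingObject(): void
 
 $form = $this->initHeadingForm($q_id);
 if ($form->checkInput()) {
-$this->object->saveHeading(
-ilUtil::stripSlashes(
-$form->getInput("heading"),
-true,
-ilObjAdvancedEditing::_getUsedHTMLTagsAsString("survey")
-),
-$form->getInput("insertbefore")
-);
+$tags = ilObjAdvancedEditing::_getUsedHTMLTags("survey");
+$purifier = new HTMLPurifier($tags);
+$heading = $form->getInput("heading");
+
+$heading = $purifier->purify($heading);
+
+$this->object->saveHeading($heading, $form->getInput("insertbefore"));
 $this->ctrl->redirect($this, "questions");
 }
 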
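Review bot: `new HTMLPurifier($tags)` on new line 1031 treats its argument as an HTMLPurifier configuration, not as a tag allowlist; if `_getUsedHTMLTags("survey")` returns the list of tag names that the replaced `_getUsedHTMLTagsAsString` variant implies, `HTMLPurifier_Config::loadArray` reads each integer key as a directive namespace, iterates the string value as though it were an array (a PHP warning per tag) and sets nothing, so the survey-specific allowlist is silently dropped and the library's default allowlist is used instead. The default still strips script-bearing markup, which is why the stored-XSS fix appears to work, but tags an administrator explicitly allowed or disallowed for surveys are no longer honoured. Build the config explicitly, `$config = HTMLPurifier_Config::createDefault();` / `$config->set('HTML.AllowedElements', $tags);` / `$purifier = new HTMLPurifier($config);` (the namespaced SettingsFormGUI would also need `use HTMLPurifier_Config;`), and since the identical three lines are repeated in class.SettingsFormGUI.php and class.SurveyQuestionGUI.php, a small shared factory returning the configured purifier would keep the three save paths in sync. saveHeadingObject begins and ends outside the hunk.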
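--- a/components/ILIAS/Survey/Settings/class.SettingsFormGUI.php
+++ b/components/ILIAS/Survey/Settings/class.SettingsFormGUI.php
@@ -20,9 +20,11 @@
 
 namespace ILIAS\Survey\Settings;
 
+use HTMLPurifier;
 use ILIAS\Survey\InternalGUIService;
 use ILIAS\Survey\Mode\UIModifier;
 use ILIAS\Survey\InternalDomainService;
+use ilObjAdvancedEditing;
 
 /**
 * Settings form
@@ -883,8 +885,15 @@ public function saveForm(
 } else {
 $survey->setEndDate("");
 }
-$survey->setIntroduction($form->getInput("introduction"));
-$survey->setOutro($form->getInput("outro"));
+$tags = ilObjAdvancedEditing::_getUsedHTMLTags("survey");
+$purifier = new HTMLPurifier($tags);
+
+$introduction = $form->getInput("introduction");
+$introduction = $purifier->purify($introduction);
+$survey->setIntroduction($introduction);
+$outro = $form->getInput("outro");
+$outro = $purifier->purify($outro);
+$survey->setOutro($outro);
 $survey->setShowQuestionTitles((bool) $form->getInput("show_question_titles"));
 
 // "separate mail for each participant finished"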
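--- a/components/ILIAS/SurveyQuestionPool/Questions/class.SurveyQuestionGUI.php
+++ b/components/ILIAS/SurveyQuestionPool/Questions/class.SurveyQuestionGUI.php
@@ -328,7 +328,14 @@ protected function saveForm(): bool
 $this->object->label = ($form->getInput("label"));
 $this->object->setAuthor($form->getInput("author"));
 $this->object->setDescription($form->getInput("description"));
-$this->object->setQuestiontext($form->getInput("question"));
+
+$tags = ilObjAdvancedEditing::_getUsedHTMLTags("survey");
+$purifier = new HTMLPurifier($tags);
+$question = $form->getInput("question");
+
+$question = $purifier->purify($question);
+
+$this->object->setQuestiontext($question);
 $this->object->setObligatory($form->getInput("obligatory"));
 
 $this->importEditFormValues($form);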