From c0f52ecf286be4f12d71236208bddbb44ebee514 Mon Sep 17 00:00:00 2001
From: Marcin Kurczewski <mkurczew@gmail.com>
Date: Sat, 22 Feb 2014 23:37:30 +0100
Subject: [PATCH] Fixed HTML injection in some forms

---
 src/Views/log-view.phtml          | 2 +-
 src/Views/post-edit.phtml         | 6 +++---
 src/Views/post-view.phtml         | 2 +-
 src/Views/tag-mass-tag.phtml      | 4 ++--
 src/Views/user-edit.phtml         | 8 ++++----
 src/Views/user-registration.phtml | 8 ++++----
 6 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/Views/log-view.phtml b/src/Views/log-view.phtml
index aa8d5ad6..91cf6ccc 100644
--- a/src/Views/log-view.phtml
+++ b/src/Views/log-view.phtml
@@ -13,7 +13,7 @@ LayoutHelper::setSubTitle('logs (' . $name . ')');
 	<form action="<?php echo \Chibi\UrlHelper::route('log', 'view', ['name' => $this->context->transport->name]) ?>" method="get">
 		Keep only lines that contain:
 
-		<input type="text" name="query" value="<?php echo $this->context->transport->filter ?>" placeholder="any text&hellip;"/>
+		<input type="text" name="query" value="<?php echo htmlspecialchars($this->context->transport->filter) ?>" placeholder="any text&hellip;"/>
 	</form>
 
 	<div class="paginator-content">
diff --git a/src/Views/post-edit.phtml b/src/Views/post-edit.phtml
index 1b89afdc..4d2d2ab7 100644
--- a/src/Views/post-edit.phtml
+++ b/src/Views/post-edit.phtml
@@ -17,15 +17,15 @@
 	<?php if (PrivilegesHelper::confirm(Privilege::EditPostTags, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->post->getUploader()))): ?>
 		<div class="form-row tags">
 			<label for="tags">Tags:</label>
-			<div class="input-wrapper"><input type="text" name="tags" id="tags" placeholder="enter some tags&hellip;" value="<?php echo join(',', array_map(function($tag) { return $tag->name; }, $this->context->transport->post->getTags())) ?>"/></div>
+			<div class="input-wrapper"><input type="text" name="tags" id="tags" placeholder="enter some tags&hellip;" value="<?php echo join(',', array_map(function($tag) { return htmlspecialchars($tag->name); }, $this->context->transport->post->getTags())) ?>"/></div>
 		</div>
-		<input type="hidden" name="edit-token" id="edit-token" value="<?php echo $this->context->transport->post->getEditToken() ?>"/>
+		<input type="hidden" name="edit-token" id="edit-token" value="<?php echo htmlspecialchars($this->context->transport->post->getEditToken()) ?>"/>
 	<?php endif ?>
 
 	<?php if (PrivilegesHelper::confirm(Privilege::EditPostSource, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->post->getUploader()))): ?>
 		<div class="form-row source">
 			<label for="source">Source:</label>
-			<div class="input-wrapper"><input type="text" name="source" id="source" value="<?php echo $this->context->transport->post->source ?>"/></div>
+			<div class="input-wrapper"><input type="text" name="source" id="source" value="<?php echo htmlspecialchars($this->context->transport->post->source) ?>"/></div>
 		</div>
 	<?php endif ?>
 
diff --git a/src/Views/post-view.phtml b/src/Views/post-view.phtml
index b6ab3649..bd489c5a 100644
--- a/src/Views/post-view.phtml
+++ b/src/Views/post-view.phtml
@@ -106,7 +106,7 @@ $canEditAnything = count(array_filter($editPostPrivileges)) > 0;
 		<div class="key-value source">
 			<span class="key">Source:</span>
 			<span class="value" title="<?php echo $val = htmlspecialchars($this->context->transport->post->source ?: 'unknown') ?>">
-				<?php if (preg_match('/^((https?|ftp):|)\/\//', $val)): ?>
+				<?php if (preg_match('/^((https?|ftp):|)\/\//', $this->context->transport->post->source)): ?>
 					<a href="<?php echo $val ?>"><?php echo $val ?></a>
 				<?php else: ?>
 					<?php echo $val ?>
diff --git a/src/Views/tag-mass-tag.phtml b/src/Views/tag-mass-tag.phtml
index 621525cd..70853c89 100644
--- a/src/Views/tag-mass-tag.phtml
+++ b/src/Views/tag-mass-tag.phtml
@@ -4,12 +4,12 @@
 
 		<div class="form-row">
 			<label for="mass-tag-query">Search query:</label>
-			<div class="input-wrapper"><input class="autocomplete" type="text" name="query" id="mass-tag-query" value="<?php echo isset($this->context->massTagQuery) ? $this->context->massTagQuery : '' ?>"/></div>
+			<div class="input-wrapper"><input class="autocomplete" type="text" name="query" id="mass-tag-query" value="<?php echo isset($this->context->massTagQuery) ? htmlspecialchars($this->context->massTagQuery) : '' ?>"/></div>
 		</div>
 
 		<div class="form-row">
 			<label for="mass-tag-tag">Tag:</label>
-			<div class="input-wrapper"><input class="autocomplete" type="text" name="tag" id="mass-tag-tag" value="<?php echo isset($this->context->massTagTag) ? $this->context->massTagTag : '' ?>"/></div>
+			<div class="input-wrapper"><input class="autocomplete" type="text" name="tag" id="mass-tag-tag" value="<?php echo isset($this->context->massTagTag) ? htmlspecialchars($this->context->massTagTag) : '' ?>"/></div>
 		</div>
 
 		<input type="hidden" name="submit" value="1"/>
diff --git a/src/Views/user-edit.phtml b/src/Views/user-edit.phtml
index d6da359a..299c75c6 100644
--- a/src/Views/user-edit.phtml
+++ b/src/Views/user-edit.phtml
@@ -10,25 +10,25 @@
 	<?php if (PrivilegesHelper::confirm(Privilege::ChangeUserName, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
 		<div class="form-row nickname">
 			<label for="name">Name:</label>
-			<div class="input-wrapper"><input type="text" name="name" id="name" placeholder="New name&hellip;" value="<?php echo $this->context->suppliedName ?>"/></div>
+			<div class="input-wrapper"><input type="text" name="name" id="name" placeholder="New name&hellip;" value="<?php echo htmlspecialchars($this->context->suppliedName) ?>"/></div>
 		</div>
 	<?php endif ?>
 
 	<?php if (PrivilegesHelper::confirm(Privilege::ChangeUserEmail, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
 		<div class="form-row email">
 			<label for="name">E-mail:</label>
-			<div class="input-wrapper"><input type="text" name="email" id="email" placeholder="New e-mail&hellip;" value="<?php echo $this->context->suppliedEmail ?>"/></div>
+			<div class="input-wrapper"><input type="text" name="email" id="email" placeholder="New e-mail&hellip;" value="<?php echo htmlspecialchars($this->context->suppliedEmail) ?>"/></div>
 		</div>
 	<?php endif ?>
 
 	<?php if (PrivilegesHelper::confirm(Privilege::ChangeUserPassword, PrivilegesHelper::getIdentitySubPrivilege($this->context->transport->user))): ?>
 		<div class="form-row password1">
 			<label for="password1">New password:</label>
-			<div class="input-wrapper"><input type="password" name="password1" id="password1" placeholder="New password&hellip;" value="<?php echo $this->context->suppliedPassword1 ?>"/></div>
+			<div class="input-wrapper"><input type="password" name="password1" id="password1" placeholder="New password&hellip;" value="<?php echo htmlspecialchars($this->context->suppliedPassword1) ?>"/></div>
 		</div>
 		<div class="form-row password2">
 			<label for="password2"></label>
-			<div class="input-wrapper"><input type="password" name="password2" id="password2" placeholder="New password&hellip; (repeat)" value="<?php echo $this->context->suppliedPassword2 ?>"/></div>
+			<div class="input-wrapper"><input type="password" name="password2" id="password2" placeholder="New password&hellip; (repeat)" value="<?php echo htmlspecialchars($this->context->suppliedPassword2) ?>"/></div>
 		</div>
 	<?php endif ?>
 
diff --git a/src/Views/user-registration.phtml b/src/Views/user-registration.phtml
index a7599403..e4a0e5f3 100644
--- a/src/Views/user-registration.phtml
+++ b/src/Views/user-registration.phtml
@@ -14,22 +14,22 @@ LayoutHelper::setSubTitle('registration form');
 
 		<div class="form-row">
 			<label for="name">User name:</label>
-			<div class="input-wrapper"><input type="text" id="name" name="name" value="<?php echo $this->context->suppliedName ?>" placeholder="e.g. darth_vader" autocomplete="off"/></div>
+			<div class="input-wrapper"><input type="text" id="name" name="name" value="<?php echo htmlspecialchars($this->context->suppliedName) ?>" placeholder="e.g. darth_vader" autocomplete="off"/></div>
 		</div>
 
 		<div class="form-row">
 			<label for="password1">Password:</label>
-			<div class="input-wrapper"><input type="password" id="password1" name="password1" value="<?php echo $this->context->suppliedPassword1 ?>" placeholder="e.g. <?php echo str_repeat('&#x25cf;', 8) ?>" autocomplete="off"/></div>
+			<div class="input-wrapper"><input type="password" id="password1" name="password1" value="<?php echo htmlspecialchars($this->context->suppliedPassword1) ?>" placeholder="e.g. <?php echo str_repeat('&#x25cf;', 8) ?>" autocomplete="off"/></div>
 		</div>
 
 		<div class="form-row">
 			<label for="password2">Password (repeat):</label>
-			<div class="input-wrapper"><input type="password" id="password2" name="password2" value="<?php echo $this->context->suppliedPassword2 ?>" placeholder="e.g. <?php echo str_repeat('&#x25cf;', 8) ?>" autocomplete="off"/></div>
+			<div class="input-wrapper"><input type="password" id="password2" name="password2" value="<?php echo htmlspecialchars($this->context->suppliedPassword2) ?>" placeholder="e.g. <?php echo str_repeat('&#x25cf;', 8) ?>" autocomplete="off"/></div>
 		</div>
 
 		<div class="form-row">
 			<label for="email">E-mail address:</label>
-			<div class="input-wrapper"><input type="text" id="email" name="email" value="<?php echo $this->context->suppliedEmail ?>" placeholder="e.g. vader@empire.gov" autocomplete="off"/></div>
+			<div class="input-wrapper"><input type="text" id="email" name="email" value="<?php echo htmlspecialchars($this->context->suppliedEmail) ?>" placeholder="e.g. vader@empire.gov" autocomplete="off"/></div>
 		</div>
 
 		<p id="email-info">Your e-mail will be used to show your <a href="http://gravatar.com/">Gravatar</a>.<br/>Leave blank for random Gravatar.</p>