Fix security vulnerability in file manager allowing XSS attack

Dane Everitt 2019-06-21 21:04:42 -07:00
parent cd7ec731dc
commit 06ff76e2e9
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
7 changed files with 25 additions and 10 deletions


@ -29,6 +29,10 @@ class ActionsClass {
this.element = undefined;
}
sanitizedString(value) {
return $('<div>').text(value).html();
}
folder(path) {
let inputValue
if (path) {
@ -296,7 +300,7 @@ class ActionsClass {
swal({
type: 'warning',
title: '',
text: 'Are you sure you want to delete <code>' + delName + '</code>?',
text: 'Are you sure you want to delete <code>' + this.sanitizedString(delName) + '</code>?',
html: true,
showCancelButton: true,
showConfirmButton: true,
@ -394,7 +398,7 @@ class ActionsClass {
let formattedItems = "";
let i = 0;
$.each(selectedItems, function(key, value) {
formattedItems += ("<code>" + value + "</code>, ");
formattedItems += ("<code>" + this.sanitizedString(value) + "</code>, ");
i++;
return i < 5;
});
@ -407,7 +411,7 @@ class ActionsClass {
swal({
type: 'warning',
title: '',
text: 'Are you sure you want to delete the following files: ' + formattedItems + '?',
text: 'Are you sure you want to delete the following files: ' + this.sanitizedString(formattedItems) + '?',
html: true,
showCancelButton: true,
showConfirmButton: true,
@ -536,7 +540,7 @@ class ActionsClass {
type: 'error',
title: 'Whoops!',
html: true,
text: error
text: this.sanitizedString(error)
});
});
}
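Review bot: In the third hunk, `this.sanitizedString(value)` is called inside the plain `function(key, value)` callback passed to `$.each`, where jQuery binds `this` to the current item rather than the ActionsClass instance, so the call will throw instead of escaping the file name. Change the callback to an arrow function, `$.each(selectedItems, (key, value) => {`, or capture the instance before the loop. In the following hunk, `this.sanitizedString(formattedItems)` escapes a string that already holds the intended `<code>` markup and the already-escaped names, so the dialog would show literal tags and double-encoded entities; once the per-item escaping works, `formattedItems` should be concatenated unchanged. The last hunk's `text: this.sanitizedString(error)` sits inside nested callbacks whose definitions are outside the hunk, so the same `this` binding should be checked there if they are not arrow functions.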