
Commit 9a0f5e9

committed
[FIX] CVE-2023-43340-Evolution-Reflected-XSS---Installation-Admin-Options (GHSA-432f-967f-vxg4).
1 parent 770a6f3 commit 9a0f5e9


6 files changed

+62
-136
lines changed


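--- a/install/src/controllers/connection.php
+++ b/install/src/controllers/connection.php
@@ -6,9 +6,7 @@
 if ($installMode === 0) {
 $database_name = '';
 $database_server = 'localhost';
-$table_prefix = base_convert(mt_rand(10, 20), 10, 36) .
-substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyz'), mt_rand(0, 33), 3) .
-'_';
+$table_prefix = base_convert(mt_rand(10, 20), 10, 36) . substr(str_shuffle('0123456789abcdefghijklmnopqrstuvwxyz'), mt_rand(0, 33), 3) . '_';
 } else {
 $database_name = '';
 
@@ -66,17 +64,17 @@
 $database_connection_method = 'SET CHARACTER SET';
 }
 
-$ph['database_name'] = isset($_POST['database_name']) ? $_POST['database_name'] : $database_name;
-$ph['tableprefix'] = isset($_POST['tableprefix']) ? $_POST['tableprefix'] : $table_prefix;
+$ph['database_name'] = isset($_POST['database_name']) ? strip_tags($_POST['database_name']) : $database_name;
+$ph['tableprefix'] = isset($_POST['tableprefix']) ? strip_tags($_POST['tableprefix']) : $table_prefix;
 $ph['selected_set_character_set'] = isset($database_connection_method) && $database_connection_method === 'SET CHARACTER SET' ? 'selected' : '';
 $ph['selected_set_names'] = isset($database_connection_method) && $database_connection_method === 'SET NAMES' ? 'selected' : '';
 $ph['show#connection_method'] = (($installMode == 0) || ($installMode == 2)) ? 'block' : 'none';
 $ph['database_collation'] = isset($_POST['database_collation']) ? $_POST['database_collation'] : $database_collation;
 $ph['show#AUH'] = ($installMode == 0) ? 'block' : 'none';
-$ph['cmsadmin'] = isset($_POST['cmsadmin']) ? $_POST['cmsadmin'] : 'admin';
-$ph['cmsadminemail'] = isset($_POST['cmsadminemail']) ? $_POST['cmsadminemail'] : '';
-$ph['cmspassword'] = isset($_POST['cmspassword']) ? $_POST['cmspassword'] : '';
-$ph['cmspasswordconfirm'] = isset($_POST['cmspasswordconfirm']) ? $_POST['cmspasswordconfirm'] : '';
+$ph['cmsadmin'] = isset($_POST['cmsadmin']) ? strip_tags($_POST['cmsadmin']) : 'admin';
+$ph['cmsadminemail'] = isset($_POST['cmsadminemail']) ? strip_tags($_POST['cmsadminemail']) : '';
+$ph['cmspassword'] = isset($_POST['cmspassword']) ? strip_tags($_POST['cmspassword']) : '';
+$ph['cmspasswordconfirm'] = isset($_POST['cmspasswordconfirm']) ? strip_tags($_POST['cmspasswordconfirm']) : '';
 $ph['managerLangs'] = getLangs($install_language);
 $ph['install_language'] = $install_language;
 $ph['installMode'] = $installMode;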
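Review bot: The unchanged `$ph['database_collation']` line in the second hunk still copies `$_POST['database_collation']` into the placeholder array with no filtering, so the reflected-input path this commit closes for the neighbouring fields appears to remain open for that one. `strip_tags()` also removes only tags and leaves quote characters intact, so if these placeholders are rendered inside HTML attribute values (the template is not visible here) the values should be encoded for that context instead, e.g. `isset($_POST['cmsadmin']) ? htmlspecialchars($_POST['cmsadmin'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') : 'admin'`. Applying `strip_tags()` to `cmspassword` and `cmspasswordconfirm` silently alters any password that contains `<`, which output encoding would avoid; whether `$ph` feeds anything other than the form re-display cannot be told from this hunk, and the surrounding script continues outside it.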
