From ba2853caac636d2ae596d74561fa0233567242d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9my=20DECOOL?= Date: Sun, 12 Feb 2017 11:01:36 +0100 Subject: Prevent target='_blank' vulnerability on dynamic link --- include/feedbrowser.php | 8 ++++---- include/functions2.php | 20 +++++++++++--------- 2 files changed, 15 insertions(+), 13 deletions(-) (limited to 'include') diff --git a/include/feedbrowser.php b/include/feedbrowser.php index 4772420ab..ec4efe15a 100644 --- a/include/feedbrowser.php +++ b/include/feedbrowser.php @@ -59,12 +59,12 @@ $class = ($feedctr % 2) ? "even" : "odd"; - $site_url = " ". htmlspecialchars($line["title"]).""; - $feed_url = ""; @@ -87,12 +87,12 @@ $archived = ''; } - $site_url = " ". htmlspecialchars($line["title"]).""; - $feed_url = ""; diff --git a/include/functions2.php b/include/functions2.php index d490ae50c..96274b6a0 100644 --- a/include/functions2.php +++ b/include/functions2.php @@ -955,6 +955,7 @@ $a->appendChild(new DOMText($entry->getAttribute('src'))); $a->setAttribute('target', '_blank'); + $a->setAttribute('rel', 'noopener noreferrer'); $p->appendChild($a); @@ -964,6 +965,7 @@ if (strtolower($entry->nodeName) == "a") { $entry->setAttribute("target", "_blank"); + $entry->setAttribute("rel", "noopener noreferrer"); } } @@ -1249,7 +1251,7 @@ "; } - if ($entry) $entry .= "  " . basename($url) . ""; return $entry; @@ -1260,7 +1262,7 @@ /* $filename = substr($url, strrpos($url, "/")+1); - $entry .= " " . + $entry .= " " . $filename . " (" . $ctype . ")" . ""; */ } @@ -1332,12 +1334,12 @@ $comments_url = htmlspecialchars($line["link"]); } $entry_comments = "$num_comments ". + target='_blank' rel=\"noopener noreferrer\" href=\"$comments_url\">$num_comments ". _ngettext("comment", "comments", $num_comments).""; } else { if ($line["comments"] && $line["link"] != $line["comments"]) { - $entry_comments = "".__("comments").""; + $entry_comments = "".__("comments").""; } } @@ -1373,7 +1375,7 @@ $rv['content'] .= "
$parsed_updated
"; if ($line["link"]) { - $rv['content'] .= "
" . @@ -1442,13 +1444,13 @@ $tmp_line = db_fetch_assoc($tmp_result); - $rv['content'] .= "" . $tmp_line['title'] . ""; $rv['content'] .= " "; - $rv['content'] .= ""; + $rv['content'] .= ""; $rv['content'] .= ""; $rv['content'] .= "
"; @@ -1957,7 +1959,7 @@ if ($player) array_push($entries_inline, $player); -# $entry .= " " . +# $entry .= " " . # $filename . " (" . $ctype . ")" . ""; $entry = "

"; } else { - $rv .= "

" .htmlspecialchars($entry["url"]) . "

"; } -- cgit v1.2.3