More XSS fixes:

create-alias.php, edit-alias.php:
- fix XSS in error message
    
templates/admin_list-domain.php:
- fix XSS (by values stored in the database) in "description" field

templates/fetchmail.php:
- fix XSS (by values stored in the database) in any field

templates/list-virtual.php:
- fix XSS (by values stored in the database) in "name" field

+ CHANGELOG.TXT update

Again, thanks to Filippo Cavallarin for pointing out those issues.


git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/branches/postfixadmin-2.3@1330 a1433add-5e2c-0410-b055-b7f2511e0802
postfixadmin-2.3
Christian Boltz 13 years ago
parent d60276e864
commit bf0892aa9c

@ -21,6 +21,9 @@ SVN changes since 2.3.4 release (postfixadmin-2.3 branch)
contain malicious SQL. Double-check before using them!
- fix XSS with $_GET[domain] in templates/menu.php and edit-vacation
- fix XSS in some create-domain input fields
- fix XSS in create-alias and edit-alias error message
- fix XSS (by values stored in the database) in fetchmail list view,
list-domain and list-virtual
- create-domain: fix SQL injection (only exploitable by superadmins)
- add missing $LANG['pAdminDelete_admin_error']
- don't mark mailbox targets with recipient delimiter as "forward only"

@ -133,7 +133,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$error = 1;
$tGoto = $goto;
if (!empty($tMessage)) $tMessage .= "<br />";
$tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . "$address</span>";
$tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . htmlentities($address) . "</span>";
}
}
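Review bot: the added `htmlentities($address)` is called without `ENT_QUOTES` or an explicit charset, so a single quote in `$address` passes through unchanged and, on PHP releases before 5.4, the ISO-8859-1 default will mangle multibyte UTF-8 input; since `$address` is the user-supplied goto value echoed back into the error message, prefer `htmlentities($address, ENT_QUOTES, 'UTF-8')` (or `htmlspecialchars` with the same arguments).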

@ -129,7 +129,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
$error = 1;
$tGoto = $goto;
if (!empty($tMessage)) $tMessage .= "<br />";
$tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . "$address</span>";
$tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . htmlentities($address) . "</span>";
}
}
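Review bot: this is the same one-line change as in create-alias.php, with the same missing `ENT_QUOTES` and charset arguments; since both files carry an identical error-message block, consider moving the escaping into a shared helper so the next fix does not have to be applied twice.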

@ -50,7 +50,7 @@ if (sizeof ($domain_properties) > 0)
{
print " <tr class=\"hilightoff\" onMouseOver=\"className='hilighton';\" onMouseOut=\"className='hilightoff';\">\n";
print "<td><a href=\"list-virtual.php?domain=" . $domain_properties[$i]['domain'] . "\">" . $domain_properties[$i]['domain'] . "</a></td>";
print "<td>" . $domain_properties[$i]['description'] . "</td>";
print "<td>" . htmlentities($domain_properties[$i]['description']) . "</td>";
print "<td>" . $domain_properties[$i]['alias_count'] . " / " . $domain_properties[$i]['aliases'] . "</td>";
print "<td>" . $domain_properties[$i]['mailbox_count'] . " / " . $domain_properties[$i]['mailboxes'] . "</td>";
if ($CONF['quota'] == 'YES')
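Review bot: only the `description` cell is escaped here, while the line above still interpolates `$domain_properties[$i]['domain']` raw into both the `href` attribute and the link text, and the `alias_count`/`aliases`/`mailbox_count`/`mailboxes` cells below it are printed unescaped; the domain is presumably validated on input, but as this row renders database values the template should not depend on that, so apply `htmlentities()` to the text and `urlencode()` inside the query string as well.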

@ -41,7 +41,7 @@ if ($edit || $new) { # edit mode
list($editible,$view,$type)=$fm_struct[$key];
if ($view){
$func="_listview_".$type;
print " <td nowrap>" . (function_exists($func)?$func($val):$val) . "</td>\n";
print " <td nowrap>" . htmlentities(function_exists($func)?$func($val):$val) . "</td>\n";
}
}
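Review bot: wrapping `htmlentities()` around the whole `function_exists($func)?$func($val):$val` expression escapes the formatter's output, so if any `_listview_<type>` helper returns markup (a link, a select box, formatted HTML) it will now render as literal text; check what those helpers return and, where one emits HTML, escape `$val` before passing it to the helper instead of escaping its result.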

@ -314,7 +314,7 @@ if (sizeof ($tMailbox) > 0) {
}
print " <td>" . $tMailbox[$i]['name'] . "</td>\n";
print " <td>" . htmlentities($tMailbox[$i]['name']) . "</td>\n";
if ($CONF['quota'] == 'YES')
{
print " <td>";
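Review bot: the `name` column is now escaped, but the mailbox display name is free-form text that commonly contains non-ASCII characters, and `htmlentities()` without an explicit charset can corrupt or blank it on PHP versions whose default charset is not UTF-8; `htmlspecialchars($tMailbox[$i]['name'], ENT_QUOTES, 'UTF-8')` escapes the characters that matter for XSS without converting every accented letter into an entity.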
