check possible xss in ajax folder

glpi-project · Sep 25, 2024 · 185504b · 185504b
1 parent 0423a32
commit 185504b
Show file tree

Hide file tree

Showing 16 changed files with 37 additions and 37 deletions.
diff --git a/ajax/actorinformation.php b/ajax/actorinformation.php
@@ -122,12 +122,12 @@
 $ticket = new Ticket();
 
 $url = $ticket->getSearchURL() . "?" . Toolbox::append_params($options2, '&amp;');
-$nb  = $ticket->{$method}($actor_id);
+$nb  = (int) $ticket->{$method}($actor_id);
 
 if ($only_number) {
     echo "<a href='$url'>" . $nb . "</a>";
 } else {
     echo "&nbsp;<a href='$url' title=\"" . __s('Processing') . "\">(";
-    printf(__('%1$s: %2$s'), __('Processing'), $nb);
+    printf(__s('%1$s: %2$s'), __('Processing'), $nb);
     echo ")</a>";
 }
diff --git a/ajax/central.php b/ajax/central.php
@@ -94,5 +94,5 @@
         }
         break;
     default:
-        echo __('Invalid widget');
+        echo __s('Invalid widget');
 }
diff --git a/ajax/comments.php b/ajax/comments.php
@@ -84,9 +84,9 @@
             echo(implode("<br>", $comments));
 
             if (isset($_POST['withlink']) && $link !== null) {
-                echo "<script type='text/javascript' >\n";
+                echo "<script type='text/javascript' >";
                 echo Html::jsGetElementbyID($_POST['withlink']) . ".attr('href', '" . htmlspecialchars($link) . "');";
-                echo "</script>\n";
+                echo "</script>";
             }
             break;
 
@@ -125,19 +125,19 @@
                 }
                 $tmpname = Dropdown::getDropdownName($table, $_POST["value"], 1);
                 if (is_array($tmpname) && isset($tmpname["comment"])) {
-                    echo $tmpname["comment"];
+                    echo htmlspecialchars($tmpname["comment"]);
                 }
 
                 if (isset($_POST['withlink'])) {
-                    echo "<script type='text/javascript' >\n";
+                    echo "<script type='text/javascript' >";
                     echo Html::jsGetElementbyID($_POST['withlink']) . ".
                     attr('href', '" . $_POST['itemtype']::getFormURLWithID($_POST["value"]) . "');";
-                    echo "</script>\n";
+                    echo "</script>";
                 }
 
                 if (isset($_POST['with_dc_position'])) {
                     $item = getItemForItemtype($_POST['itemtype']);
-                    echo "<script type='text/javascript' >\n";
+                    echo "<script type='text/javascript' >";
 
                     //if item have a DC position (reload url to it's rack)
                     if (
@@ -150,7 +150,7 @@
                         //remove old dc position
                         echo Html::jsGetElementbyID($_POST['with_dc_position']) . ".empty();";
                     }
-                    echo "</script>\n";
+                    echo "</script>";
                 }
             }
     }

diff --git a/ajax/dcroom_size.php b/ajax/dcroom_size.php
@@ -61,5 +61,5 @@
         ]
     );
 } else {
-    echo "<div class='col-form-label'>" . __('No room found or selected') . "</div>";
+    echo "<div class='col-form-label'>" . __s('No room found or selected') . "</div>";
 }
diff --git a/ajax/dropdownAllItems.php b/ajax/dropdownAllItems.php
@@ -123,6 +123,6 @@
             $params
         );
 
-        echo "<br><span id='showItemSpecificity_" . $name . "$rand'>&nbsp;</span>\n";
+        echo "<br><span id='showItemSpecificity_" . $name . "$rand'>&nbsp;</span>";
     }
 }
diff --git a/ajax/dropdownConnectNetworkPortDeviceType.php b/ajax/dropdownConnectNetworkPortDeviceType.php
@@ -82,5 +82,5 @@
     Dropdown::show($_POST['itemtype'], $params);
 
     echo "<span id='results_item_$rand'>";
-    echo "</span>\n";
+    echo "</span>";
 }
diff --git a/ajax/dropdownItilActors.php b/ajax/dropdownItilActors.php
@@ -231,7 +231,7 @@
                         echo '<br>';
                         printf(
                             __('%1$s: %2$s'),
-                            _n('Email', 'Emails', 1),
+                            _sn('Email', 'Emails', 1),
                             "<input type='text' size='25' name='_itil_" . $_POST["actortype"] .
                             "[alternative_email]'>"
                         );

diff --git a/ajax/dropdownMassiveActionAddValidator.php b/ajax/dropdownMassiveActionAddValidator.php
@@ -112,7 +112,7 @@
                 $param
             );
 
-            echo "<br><span id='show_groups_users'>&nbsp;</span>\n";
+            echo "<br><span id='show_groups_users'>&nbsp;</span>";
             break;
 
         case $types_mapping['list_users']:
@@ -141,7 +141,7 @@
 
             Dropdown::showFromArray($items_id_name, $users, $param);
 
-            echo "<br><br>" . __('Comments') . " ";
+            echo "<br><br>" . __s('Comments') . " ";
             echo "<textarea name='comment_submission' cols='50' rows='6'></textarea>&nbsp;";
 
             echo "<input type='submit' name='add' value=\"" . _sx('button', 'Add') . "\" class='btn btn-primary'>";

diff --git a/ajax/dropdownShowIPNetwork.php b/ajax/dropdownShowIPNetwork.php
@@ -39,8 +39,8 @@
 $network = new IPNetwork();
 
 if ($_POST['ipnetworks_id'] && $network->can($_POST['ipnetworks_id'], READ)) {
-    echo "<br>\n";
-    echo "<a href='" . $network->getLinkURL() . "'>" . $network->fields['completename'] . "</a><br>\n";
+    echo "<br>";
+    echo "<a href='" . $network->getLinkURL() . "'>" . htmlspecialchars($network->fields['completename']) . "</a><br>";
 
     $address = $network->getAddress()->getTextual();
     $netmask = $network->getNetmask()->getTextual();
@@ -52,10 +52,10 @@
     $network->computeNetworkRange($start, $end);
 
    //TRANS: %1$s is address, %2$s is netmask
-    printf(__('IP network: %1$s/%2$s') . "<br>\n", $address, $netmask);
-    printf(__('First/last addresses: %1$s/%2$s'), $start->getTextual(), $end->getTextual());
+    printf(__s('IP network: %1$s/%2$s') . "<br>", $address, $netmask);
+    printf(__s('First/last addresses: %1$s/%2$s'), $start->getTextual(), $end->getTextual());
     if (!empty($gateway)) {
-        echo "<br>\n";
-        printf(__('Gateway: %s') . "\n", $gateway);
+        echo "<br>";
+        printf(__s('Gateway: %s') . "\n", $gateway);
     }
 }
diff --git a/ajax/getMapPoint.php b/ajax/getMapPoint.php
@@ -42,7 +42,7 @@
 if (!isset($_POST['itemtype']) || !isset($_POST['items_id']) || (int)$_POST['items_id'] < 1) {
     $result = [
         'success'   => false,
-        'message'   => __('Required argument missing!')
+        'message'   => __s('Required argument missing!')
     ];
 } else {
     $itemtype = $_POST['itemtype'];
@@ -57,7 +57,7 @@
         } else {
             $result = [
                 'success'   => false,
-                'message'   => __('Element seems not geolocalized or cannot be found')
+                'message'   => __s('Element seems not geolocalized or cannot be found')
             ];
         }
     }
@@ -76,7 +76,7 @@
             $result = [
                 'success'   => false,
                 'message'   => "<h3>" . __("Location seems not geolocalized!") . "</h3>" .
-                           "<a href='" . $item->getLinkURL() . "'>" . __("Consider filling latitude and longitude on this location.") . "</a>"
+                           "<a href='" . $item->getLinkURL() . "'>" . __s("Consider filling latitude and longitude on this location.") . "</a>"
             ];
         }
     }

diff --git a/ajax/massiveaction.php b/ajax/massiveaction.php
@@ -73,7 +73,7 @@
     }
     $rand = mt_rand();
 
-    echo "<label for=\"dropdown_massiveaction$rand\">" . _n('Action', 'Actions', 1) . "</label>";
+    echo "<label for=\"dropdown_massiveaction$rand\">" . _sn('Action', 'Actions', 1) . "</label>";
     echo "&nbsp;";
 
     $actions = ['-1' => Dropdown::EMPTY_VALUE] + $actions;

diff --git a/ajax/priority.php b/ajax/priority.php
@@ -56,10 +56,10 @@
     } elseif ($_REQUEST["priority"]) {
         // Send UTF8 Headers
         header("Content-Type: text/html; charset=UTF-8");
-        echo "<script type='text/javascript' >\n";
+        echo "<script type='text/javascript' >";
         echo Html::jsSetDropdownValue($_REQUEST["priority"], $priority);
-        echo "\n</script>";
+        echo "</script>";
     } else {
-        echo Ticket::getPriorityName($priority);
+        echo htmlspecialchars(Ticket::getPriorityName($priority));
     }
 }
diff --git a/ajax/private_public.php b/ajax/private_public.php
@@ -48,7 +48,7 @@
             echo "<input type='hidden' name='is_recursive' value='0'>\n";
             $private =  __('Personal');
             $link    = "<a href='#' onClick='setPublic" . $_POST['rand'] . "();return false;'>" . __('Set public') . "</a>";
-            printf(__('%1$s - %2$s'), $private, $link);
+            printf(__s('%1$s - %2$s'), $private, $link);
             break;
 
         case false:
@@ -63,13 +63,13 @@
             echo "<table class='w-100'>";
             echo "<tr><td>";
             echo "<input type='hidden' name='is_private' value='0'>\n";
-            echo __('Public');
+            echo __s('Public');
             echo "</td><td>";
             Entity::dropdown(['value' => $val]);
-            echo "</td><td>" . __('Child entities') . "</td><td>";
+            echo "</td><td>" . __s('Child entities') . "</td><td>";
             Dropdown::showYesNo('is_recursive', $_POST["is_recursive"]);
             echo "</td><td>";
-            echo "<a href='#' onClick='setPrivate" . $_POST['rand'] . "();return false'>" . __('Set personal') . "</a>";
+            echo "<a href='#' onClick='setPrivate" . $_POST['rand'] . "();return false'>" . __s('Set personal') . "</a>";
             echo "</td></tr></table>";
             break;
     }

diff --git a/ajax/resaperiod.php b/ajax/resaperiod.php
@@ -50,13 +50,13 @@
     echo "<table style='width: 90%'>";
     switch ($_POST['type']) {
         case 'day':
-            echo "<tr><td>" . __('End date') . '</td><td>';
+            echo "<tr><td>" . __s('End date') . '</td><td>';
             Html::showDateField('periodicity[end]', ['value' => $_POST['end']]);
             echo "</td></tr>";
             break;
 
         case 'week':
-            echo "<tr><td>" . __('End date') . '</td><td>';
+            echo "<tr><td>" . __s('End date') . '</td><td>';
             Html::showDateField('periodicity[end]', ['value' => $_POST['end']]);
             echo "</td></tr></table>";
             echo "<table class='tab_glpi'>";

diff --git a/ajax/subvisibility.php b/ajax/subvisibility.php
@@ -62,7 +62,7 @@
                 $params['toadd'] = [-1 => __('No restriction')];
             }
             echo "<table class='tab_format'><tr><td>";
-            echo Entity::getTypeName(1);
+            echo htmlspecialchars(Entity::getTypeName(1));
             echo "</td><td>";
             Entity::dropdown($params);
             echo "</td><td>";

diff --git a/ajax/timeline.php b/ajax/timeline.php
@@ -126,7 +126,7 @@
         exit();
     }
     if ($template === null) {
-        echo __('Access denied');
+        echo __s('Access denied');
         exit();
     }
     $twig->display("components/itilobject/timeline/{$template}.html.twig", $params);
-Original file line number
+Diff line change
@@ Expand Up / @@ -123,6 +123,6 @@ @@
                 $params
             );
-            echo "<br><span id='showItemSpecificity_" . $name . "$rand'>&nbsp;</span>\n";
+            echo "<br><span id='showItemSpecificity_" . $name . "$rand'>&nbsp;</span>";
         }
     }