view=export: Remove inline event handlers and fix arbitrary URL/XSS usage. Fixes #2443

pull/2518/head
Matthew Noorenberghe 2019-02-09 02:01:26 -08:00
parent 61f6a92cc0
commit 02f09aad7f
5 changed files with 16 additions and 5 deletions


@ -71,7 +71,7 @@ if ( canView( 'Events' ) ) {
$exportIds = !empty($_REQUEST['eids'])?$_REQUEST['eids']:$_REQUEST['id'];
if ( $exportFile = exportEvents( $exportIds, $exportDetail, $exportFrames, $exportImages, $exportVideo, $exportMisc, $exportFormat ) )
ajaxResponse( array( 'exportFile'=>$exportFile ) );
ajaxResponse( array( 'exportFormat'=>$exportFormat ) );
else
ajaxError( 'Export Failed' );
break;
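Review bot: The `exportFormat` echoed back on the new `ajaxResponse` line is not checked against the `zip`/`tar` whitelist that the export view applies, and the assignment of `$exportFormat` sits above this hunk, so it is unclear whether it comes straight from `$_REQUEST`. If it does, reject anything outside the whitelist before `exportEvents()` runs, e.g. `if ( !in_array($exportFormat, array('zip', 'tar'), true) ) ajaxError('Invalid exportFormat');`, so the server-side export cannot be driven with an unexpected format and the client never receives an unvalidated value to splice into a URL. Note that this response is only sent on success; on `ajaxError` the client gets no `exportFormat` at all, which the redirect built in export.js must tolerate. The enclosing `case` starts outside the hunk.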


@ -55,6 +55,7 @@ function CSPHeaders($view, $nonce) {
case 'donate':
case 'download':
case 'error':
case 'export':
case 'function':
case 'log':
case 'logout':


@ -38,6 +38,13 @@ if ( isset($_SESSION['export']) ) {
$_REQUEST['exportFormat'] = $_SESSION['export']['format'];
}
if (isset($_REQUEST['exportFormat'])) {
if (!in_array($_REQUEST['exportFormat'], array('zip', 'tar'))) {
Error('Invalid exportFormat');
return;
}
}
$focusWindow = true;
xhtmlHeaders(__FILE__, translate('Export') );
@ -97,7 +104,7 @@ if ( !empty($_REQUEST['eid']) ) {
</tr>
</tbody>
</table>
<button type="button" id="exportButton" name="exportButton" value="Export" onclick="exportEvent(this.form);" disabled="disabled"><?php echo translate('Export') ?></button>
<button type="button" id="exportButton" name="exportButton" value="Export" disabled="disabled"><?php echo translate('Export') ?></button>
</form>
</div>
<?php
@ -112,7 +119,7 @@ if ( !empty($_REQUEST['eid']) ) {
}
if ( !empty($_REQUEST['generated']) ) {
?>
<h3 id="downloadLink"><a href="<?php echo validHtmlStr($_REQUEST['exportFile']) ?>"><?php echo translate('Download') ?></a></h3>
<h3 id="downloadLink"><a href="?view=archive&amp;type=<?php echo $_REQUEST['exportFormat']; ?>"><?php echo translate('Download') ?></a></h3>
<?php
}
?>
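Review bot: The new download link on the `downloadLink` line echoes `$_REQUEST['exportFormat']` into an `href` attribute with no output escaping, relying entirely on the whitelist check added earlier in the same file, whereas the replaced line at least wrapped its value in `validHtmlStr()`. Keep the escape as defense in depth and make the membership test strict so a later change to the whitelist or to the `$_SESSION['export']` copy cannot reintroduce the injection: `<a href="?view=archive&amp;type=<?php echo validHtmlStr($_REQUEST['exportFormat']) ?>">` and `if (!in_array($_REQUEST['exportFormat'], array('zip', 'tar'), true)) {`. Also, a request that carries `generated` but no `exportFormat` passes the `isset()` guard untouched, so the echo then raises a PHP notice and emits an empty `type=`; guard the link with `!empty($_REQUEST['exportFormat'])` or fall back to the session value.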


@ -29,7 +29,7 @@ function exportProgress() {
}
function exportResponse( respObj, respText ) {
window.location.replace( thisUrl+'?view='+currentView+'&'+eidParm+'&exportFile='+respObj.exportFile+'&generated='+((respObj.result=='Ok')?1:0) );
window.location.replace( thisUrl+'?view='+currentView+'&'+eidParm+'&exportFormat='+respObj.exportFormat+'&generated='+((respObj.result=='Ok')?1:0) );
}
function exportEvent( form ) {
@ -49,6 +49,9 @@ function initPage() {
if ( exportReady ) {
startDownload.pass( exportFile ).delay( 1500 );
}
document.getElementById('exportButton').addEventListener('click', function onClick() {
exportEvent(this.form);
});
}
window.addEventListener( 'DOMContentLoaded', initPage );
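Review bot: The redirect in `exportResponse` concatenates `respObj.exportFormat` into the query string without `encodeURIComponent()`, and on the failure path (the server's `ajaxError` carries no `exportFormat`) it produces the literal `exportFormat=undefined`, which the export view will presumably reject as an invalid format instead of showing the "Export Failed" outcome, unless a session export value overrides it. Encode and default the value: `'&exportFormat='+encodeURIComponent(respObj.exportFormat || '')+'&generated='+((respObj.result=='Ok')?1:0)`. The click listener added in the second hunk is fine as written (`this` is the button, so `this.form` resolves), though `initPage` starts outside the hunk.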


@ -14,6 +14,6 @@ var eidParm = 'eid=<?php echo validInt($_REQUEST['eid']) ?>';
?>
var exportReady = <?php echo !empty($_REQUEST['generated'])?'true':'false' ?>;
var exportFile = '<?php echo !empty($_REQUEST['exportFile'])?validJsStr($_REQUEST['exportFile']):'' ?>';
var exportFile = '?view=archive&type=<?php echo $_REQUEST['exportFormat']; ?>';
var exportProgressString = '<?php echo addslashes(translate('Exporting')) ?>';
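Review bot: The new `exportFile` line drops the `validJsStr()` wrapper the replaced line had and echoes `$_REQUEST['exportFormat']` straight into a JavaScript string literal inside an inline script. The value appears to be whitelisted in export.php before `xhtmlHeaders()` runs, but this file should not depend on every includer having done that; restore the escape and tolerate an unset parameter: `var exportFile = '?view=archive&type=<?php echo !empty($_REQUEST['exportFormat'])?validJsStr($_REQUEST['exportFormat']):'' ?>';`. Without the `!empty` guard, loading the view with no export in progress emits a PHP notice into the script output.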