#853974 snoldak924, alex_b: Fix XSS vulnerabilities in module.

17d40965 · Alex Barth · 050378eb · 17d40965 · 17d40965 · 17d40965
Commit 17d40965 authored 14 years ago by Alex Barth
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -3,6 +3,7 @@
 Feeds 6.x xxxxxxxxxxxxxxxxxxxxxx
 --------------------------------
+- #853974 snoldak924, alex_b: Fix XSS vulnerabilities in module.
 - #887846 ekes: Make FeedsSimplePieEnclosure (un)serialization safe.
 - #908582 XiaN Vizjereij, alex_b: Fix "Cannot use object of type stdClass as
  array" error in mappers/taxonomy.inc.

--- a/feeds.pages.inc
+++ b/feeds.pages.inc
@@ -29,7 +29,7 @@ function feeds_page() {
      }
      $rows[] = array(
        l($title, $link),
-        $importer->config['description'],
+        check_plain($importer->config['description']),
      );
    }
  }

--- a/feeds_ui/feeds_ui.admin.inc
+++ b/feeds_ui/feeds_ui.admin.inc
@@ -63,8 +63,8 @@ function feeds_ui_overview_form(&$form_status) {
  );
  foreach (feeds_importer_load_all(TRUE) as $importer) {
    $importer_form = array();
-    $importer_form['name']['#value'] = $importer->config['name'];
+    $importer_form['name']['#value'] = check_plain($importer->config['name']);
-    $importer_form['description']['#value'] = $importer->config['description'];
+    $importer_form['description']['#value'] = check_plain($importer->config['description']);
    if (empty($importer->config['content_type'])) {
      $importer_form['attached']['#value'] = '[none]';
    }
@@ -774,8 +774,8 @@ function theme_feeds_ui_mapping_form($form) {
      // Some parsers do not define source options.
      $source = isset($form['source']['#options'][$mapping['source']]) ? $form['source']['#options'][$mapping['source']] : $mapping['source'];
      $rows[] = array(
-        $source,
+        check_plain($source),
-        $form['target']['#options'][$mapping['target']],
+        check_plain($form['target']['#options'][$mapping['target']]),
        drupal_render($form['unique_flags'][$i]),
        drupal_render($form['remove_flags'][$i]),
      );
@@ -803,8 +803,8 @@ function theme_feeds_ui_mapping_form($form) {
  $rows = array();
  foreach (element_children($form['legendset']['legend']['sources']) as $k) {
    $rows[] = array(
-      drupal_render($form['legendset']['legend']['sources'][$k]['name']),
+      check_plain(drupal_render($form['legendset']['legend']['sources'][$k]['name'])),
-      drupal_render($form['legendset']['legend']['sources'][$k]['description']),
+      check_plain(drupal_render($form['legendset']['legend']['sources'][$k]['description'])),
    );
  }
  if (count($rows)) {
@@ -816,8 +816,8 @@ function theme_feeds_ui_mapping_form($form) {
  $rows = array();
  foreach (element_children($form['legendset']['legend']['targets']) as $k) {
    $rows[] = array(
-      drupal_render($form['legendset']['legend']['targets'][$k]['name']),
+      check_plain(drupal_render($form['legendset']['legend']['targets'][$k]['name'])),
-      drupal_render($form['legendset']['legend']['targets'][$k]['description']),
+      check_plain(drupal_render($form['legendset']['legend']['targets'][$k]['description'])),
    );
  }
  $legend .= '<h4>'. t('Targets') .'</h4>';

--- a/plugins/FeedsCSVParser.inc
+++ b/plugins/FeedsCSVParser.inc
@@ -75,9 +75,9 @@ class FeedsCSVParser extends FeedsParser {
    $mappings = feeds_importer($this->id)->processor->config['mappings'];
    $sources = $uniques = array();
    foreach ($mappings as $mapping) {
-      $sources[] = $mapping['source'];
+      $sources[] = check_plain($mapping['source']);
      if ($mapping['unique']) {
-        $uniques[] = $mapping['source'];
+        $uniques[] = check_plain($mapping['source']);
      }
    }