Illumina CMS / Zap CMS - Possible xss patch

Hey Ragezone


This is not much but may help some people, in case you have any staff that will abuse having access to housekeeping. It was possible for staff posting news articles to xss your site. If they included meta / JavaScript redirect code in the title or snippet they could redirect users as soon as they login.

In lightcms.php replace the entire "getMainStories" function with the one below;

Yes this is a small release but may help some people, going to hate then don't bother to post.

Code:

---


public static function getMainStories($amt) {
                        global $db, $tpl, $light;
                        if($r = $db->query("SELECT id,title,topstory_image,snippet FROM site_news ORDER BY id DESC LIMIT " . $amt . "")) {
                                $c = 0;
                                while($a = $r->fetch_assoc()) {
                                        $disp = 'block';
                                        $imgurl = $a['topstory_image'];
                                        if($c > 0) { $disp = 'none'; }
                                        $_seo = $a['id'] . "-" . strtolower(str_replace(strip_tags(' ', '-', $a['title'])));
                                        echo '<div class="topstory" style="background-image: url(' . $imgurl . '); display: ' . $disp . ';">
                                                        <h4>Latest news</h4>
                                                        <h3><a href="' . WWW . '/articles/' . $_seo . '">' . $light->filter(strip_tags($a['title'])) . '</a></h3>
                                                        <p class="summary">
                                                        ' .$light->filter(strip_tags($a['snippet'])) . '
                                                        </p>
                                                        <p>
                                                                <a href="' . WWW . '/articles/' . $_seo . '">Read more &raquo;</a>
                                                        </p>
                                                </div>';                                       
                                        $c++;
                                }
                                echo '<div id="topstories-nav" style="display: none"><a href="#" class="prev">&laquo; Previous</a><span>1</span> / ' . $c . '<a href="#" class="next">Next &raquo;</a></div>';
                        }
                        else {
                                $db->databaseError($db->error);
                        }
                }

---

Very good :) Also on the main news articles you could convert it to use BBCode and not allow staff to directly input HTML into the article body (not sure if this is the case with Illumina or not).

Great release. :proud: Also is implementable with UberCMS for the people who don't use Illumina in general

Quote:

---

Originally Posted by Hejula

Very good :) Also on the main news articles you could convert it to use BBCode and not allow staff to directly input HTML into the article body (not sure if this is the case with Illumina or not).

---

*some* raw html is supported in Illumina, most malicious shit is blocked out. My general rule of thumb is don't let dumbasses into housekeeping and to put a PIN on hk login.

Also, hot campaigns are only editable in database, so unless you're a complete retard then you should have no issues there either.