Security: fix multiple XSS vulnerabilities + fix search tags with special chars

XSS vulnerabilities fixed in editlink, linklist, tag.cloud and tag.list. Also fixed tag search with special characters: urlencode function needs to be applied on raw data, before espaping, otherwise the rendered URL is wrong.
author: ArthurHoaro <arthur@hoa.ro> 2020-10-06 17:30:18 +0200
committer: ArthurHoaro <arthur@hoa.ro> 2020-10-06 17:30:18 +0200
commit: 72fbbcd6794facea2cf06d9742359d190257b00f (patch)
tree: a4d6f446ec861f9a7591edb31f322e2a846b2bac /tpl
parent: df25b28dcd3cde54d42c18a55a810daa82bf5727 (diff)
download: Shaarli-72fbbcd6794facea2cf06d9742359d190257b00f.tar.gz
Shaarli-72fbbcd6794facea2cf06d9742359d190257b00f.tar.zst
Shaarli-72fbbcd6794facea2cf06d9742359d190257b00f.zip
3 files changed, 10 insertions, 10 deletions
diff --git a/tpl/default/linklist.html b/tpl/default/linklist.html
index 2475f5fd..b08773d8 100644
--- a/tpl/default/linklist.html
+++ b/tpl/default/linklist.html
@@ -94,7 +94,7 @@
          {'tagged'|t}
          {loop="$exploded_tags"}
              <span class="label label-tag" title="{'Remove tag'|t}">
-                <a href="{$base_path}/remove-tag/{function="urlencode($value)"}" aria-label="{'Remove tag'|t}">
+                <a href="{$base_path}/remove-tag/{function="$search_tags_url.$key1"}" aria-label="{'Remove tag'|t}">
                  {$value}<span class="remove"><i class="fa fa-times" aria-hidden="true"></i></span>
                </a>
              </span>
@@ -183,7 +183,7 @@
                {$tag_counter=count($value.taglist)}
                {loop="value.taglist"}
                  <span class="label label-tag" title="{$strAddTag}">
-                    <a href="{$base_path}/add-tag/{$value|urlencode}">{$value}</a>
+                    <a href="{$base_path}/add-tag/{$value1.urlencoded_taglist.$key2}">{$value}</a>
                  </span>
                  {if="$tag_counter - 1 != $counter"}&middot;{/if}
                {/loop}
diff --git a/tpl/default/tag.cloud.html b/tpl/default/tag.cloud.html
index 024882ec..c067e1d4 100644
--- a/tpl/default/tag.cloud.html
+++ b/tpl/default/tag.cloud.html
@@ -15,7 +15,7 @@
    <h2 class="window-title">{'Tag cloud'|t} - {$countTags} {'tags'|t}</h2>
    {if="!empty($search_tags)"}
    <p class="center">
-      <a href="{$base_path}/?searchtags={$search_tags|urlencode}" class="pure-button pure-button-shaarli">
+      <a href="{$base_path}/?searchtags={$search_tags_url}" class="pure-button pure-button-shaarli">
        {'List all links with those tags'|t}
      </a>
    </p>
@@ -48,8 +48,8 @@
    <div id="cloudtag" class="cloudtag-container">
      {loop="tags"}
-        <a href="{$base_path}/?searchtags={$key|urlencode} {$search_tags|urlencode}" style="font-size:{$value.size}em;">{$key}</a
+        <a href="{$base_path}/?searchtags={$tags_url.$key1} {$search_tags_url}" style="font-size:{$value.size}em;">{$key}</a
-        ><a href="{$base_path}/add-tag/{$key|urlencode}" title="{'Filter by tag'|t}" class="count">{$value.count}</a>
+        ><a href="{$base_path}/add-tag/{$tags_url.$key1}" title="{'Filter by tag'|t}" class="count">{$value.count}</a>
        {loop="$value.tag_plugin"}
          {$value}
        {/loop}
diff --git a/tpl/default/tag.list.html b/tpl/default/tag.list.html
index 99ae44d2..96e7fbe0 100644
--- a/tpl/default/tag.list.html
+++ b/tpl/default/tag.list.html
@@ -15,7 +15,7 @@
    <h2 class="window-title">{'Tag list'|t} - {$countTags} {'tags'|t}</h2>
    {if="!empty($search_tags)"}
      <p class="center">
-        <a href="{$base_path}/?searchtags={$search_tags|urlencode}" class="pure-button pure-button-shaarli">
+        <a href="{$base_path}/?searchtags={$search_tags_url}" class="pure-button pure-button-shaarli">
          {'List all links with those tags'|t}
        </a>
      </p>
@@ -47,17 +47,17 @@
    <div id="taglist" class="taglist-container">
      {loop="tags"}
-        <div class="tag-list-item pure-g" data-tag="{$key}">
+        <div class="tag-list-item pure-g" data-tag="{$key}" data-tag-url="{$tags_url.$key1}">
          <div class="pure-u-1">
            {if="$is_logged_in===true"}
              <a href="#" class="delete-tag" aria-label="{'Delete'|t}"><i class="fa fa-trash" aria-hidden="true"></i></a>&nbsp;&nbsp;
-              <a href="{$base_path}/admin/tags?fromtag={$key|urlencode}" class="rename-tag" aria-label="{'Rename tag'|t}">
+              <a href="{$base_path}/admin/tags?fromtag={$tags_url.$key1}" class="rename-tag" aria-label="{'Rename tag'|t}">
                <i class="fa fa-pencil-square-o {$key}" aria-hidden="true"></i>
              </a>
            {/if}
-            <a href="{$base_path}/add-tag/{$key|urlencode}" title="{'Filter by tag'|t}" class="count">{$value}</a>
+            <a href="{$base_path}/add-tag/{$tags_url.$key1}" title="{'Filter by tag'|t}" class="count">{$value}</a>
-            <a href="{$base_path}/?searchtags={$key|urlencode} {$search_tags|urlencode}" class="tag-link">{$key}</a>
+            <a href="{$base_path}/?searchtags={$tags_url.$key1} {$search_tags_url}" class="tag-link">{$key}</a>
            {loop="$value.tag_plugin"}
              {$value}
author	ArthurHoaro <arthur@hoa.ro>	2020-10-06 17:30:18 +0200
committer	ArthurHoaro <arthur@hoa.ro>	2020-10-06 17:30:18 +0200
commit	72fbbcd6794facea2cf06d9742359d190257b00f (patch)
tree	a4d6f446ec861f9a7591edb31f322e2a846b2bac /tpl
parent	df25b28dcd3cde54d42c18a55a810daa82bf5727 (diff)
download	Shaarli-72fbbcd6794facea2cf06d9742359d190257b00f.tar.gz Shaarli-72fbbcd6794facea2cf06d9742359d190257b00f.tar.zst Shaarli-72fbbcd6794facea2cf06d9742359d190257b00f.zip

diff --git a/tpl/default/linklist.html b/tpl/default/linklist.html index 2475f5fd..b08773d8 100644 --- a/tpl/default/linklist.html +++ b/tpl/default/linklist.html
@@ -94,7 +94,7 @@
94	{'tagged'\|t}	94	{'tagged'\|t}
95	{loop="$exploded_tags"}	95	{loop="$exploded_tags"}
96	<span class="label label-tag" title="{'Remove tag'\|t}">	96	<span class="label label-tag" title="{'Remove tag'\|t}">
97	<a href="{$base_path}/remove-tag/{function="urlencode($value)"}" aria-label="{'Remove tag'\|t}">	97	<a href="{$base_path}/remove-tag/{function="$search_tags_url.$key1"}" aria-label="{'Remove tag'\|t}">
98	{$value}<span class="remove"><i class="fa fa-times" aria-hidden="true"></i></span>	98	{$value}<span class="remove"><i class="fa fa-times" aria-hidden="true"></i></span>
99	</a>	99	</a>
100	</span>	100	</span>
@@ -183,7 +183,7 @@
183	{$tag_counter=count($value.taglist)}	183	{$tag_counter=count($value.taglist)}
184	{loop="value.taglist"}	184	{loop="value.taglist"}
185	<span class="label label-tag" title="{$strAddTag}">	185	<span class="label label-tag" title="{$strAddTag}">
186	<a href="{$base_path}/add-tag/{$value\|urlencode}">{$value}</a>	186	<a href="{$base_path}/add-tag/{$value1.urlencoded_taglist.$key2}">{$value}</a>
187	</span>	187	</span>
188	{if="$tag_counter - 1 != $counter"}·{/if}	188	{if="$tag_counter - 1 != $counter"}·{/if}
189	{/loop}	189	{/loop}


diff --git a/tpl/default/tag.cloud.html b/tpl/default/tag.cloud.html index 024882ec..c067e1d4 100644 --- a/tpl/default/tag.cloud.html +++ b/tpl/default/tag.cloud.html
@@ -15,7 +15,7 @@
15	<h2 class="window-title">{'Tag cloud'\|t} - {$countTags} {'tags'\|t}</h2>	15	<h2 class="window-title">{'Tag cloud'\|t} - {$countTags} {'tags'\|t}</h2>
16	{if="!empty($search_tags)"}	16	{if="!empty($search_tags)"}
17	<p class="center">	17	<p class="center">
18	<a href="{$base_path}/?searchtags={$search_tags\|urlencode}" class="pure-button pure-button-shaarli">	18	<a href="{$base_path}/?searchtags={$search_tags_url}" class="pure-button pure-button-shaarli">
19	{'List all links with those tags'\|t}	19	{'List all links with those tags'\|t}
20	</a>	20	</a>
21	</p>	21	</p>
@@ -48,8 +48,8 @@
48		48
49	<div id="cloudtag" class="cloudtag-container">	49	<div id="cloudtag" class="cloudtag-container">
50	{loop="tags"}	50	{loop="tags"}
51	<a href="{$base_path}/?searchtags={$key\|urlencode} {$search_tags\|urlencode}" style="font-size:{$value.size}em;">{$key}</a	51	<a href="{$base_path}/?searchtags={$tags_url.$key1} {$search_tags_url}" style="font-size:{$value.size}em;">{$key}</a
52	><a href="{$base_path}/add-tag/{$key\|urlencode}" title="{'Filter by tag'\|t}" class="count">{$value.count}</a>	52	><a href="{$base_path}/add-tag/{$tags_url.$key1}" title="{'Filter by tag'\|t}" class="count">{$value.count}</a>
53	{loop="$value.tag_plugin"}	53	{loop="$value.tag_plugin"}
54	{$value}	54	{$value}
55	{/loop}	55	{/loop}


diff --git a/tpl/default/tag.list.html b/tpl/default/tag.list.html index 99ae44d2..96e7fbe0 100644 --- a/tpl/default/tag.list.html +++ b/tpl/default/tag.list.html
@@ -15,7 +15,7 @@
15	<h2 class="window-title">{'Tag list'\|t} - {$countTags} {'tags'\|t}</h2>	15	<h2 class="window-title">{'Tag list'\|t} - {$countTags} {'tags'\|t}</h2>
16	{if="!empty($search_tags)"}	16	{if="!empty($search_tags)"}
17	<p class="center">	17	<p class="center">
18	<a href="{$base_path}/?searchtags={$search_tags\|urlencode}" class="pure-button pure-button-shaarli">	18	<a href="{$base_path}/?searchtags={$search_tags_url}" class="pure-button pure-button-shaarli">
19	{'List all links with those tags'\|t}	19	{'List all links with those tags'\|t}
20	</a>	20	</a>
21	</p>	21	</p>
@@ -47,17 +47,17 @@
47		47
48	<div id="taglist" class="taglist-container">	48	<div id="taglist" class="taglist-container">
49	{loop="tags"}	49	{loop="tags"}
50	<div class="tag-list-item pure-g" data-tag="{$key}">	50	<div class="tag-list-item pure-g" data-tag="{$key}" data-tag-url="{$tags_url.$key1}">
51	<div class="pure-u-1">	51	<div class="pure-u-1">
52	{if="$is_logged_in===true"}	52	{if="$is_logged_in===true"}
53	<a href="#" class="delete-tag" aria-label="{'Delete'\|t}"><i class="fa fa-trash" aria-hidden="true"></i></a>	53	<a href="#" class="delete-tag" aria-label="{'Delete'\|t}"><i class="fa fa-trash" aria-hidden="true"></i></a>
54	<a href="{$base_path}/admin/tags?fromtag={$key\|urlencode}" class="rename-tag" aria-label="{'Rename tag'\|t}">	54	<a href="{$base_path}/admin/tags?fromtag={$tags_url.$key1}" class="rename-tag" aria-label="{'Rename tag'\|t}">
55	<i class="fa fa-pencil-square-o {$key}" aria-hidden="true"></i>	55	<i class="fa fa-pencil-square-o {$key}" aria-hidden="true"></i>
56	</a>	56	</a>
57	{/if}	57	{/if}
58		58
59	<a href="{$base_path}/add-tag/{$key\|urlencode}" title="{'Filter by tag'\|t}" class="count">{$value}</a>	59	<a href="{$base_path}/add-tag/{$tags_url.$key1}" title="{'Filter by tag'\|t}" class="count">{$value}</a>
60	<a href="{$base_path}/?searchtags={$key\|urlencode} {$search_tags\|urlencode}" class="tag-link">{$key}</a>	60	<a href="{$base_path}/?searchtags={$tags_url.$key1} {$search_tags_url}" class="tag-link">{$key}</a>
61		61
62	{loop="$value.tag_plugin"}	62	{loop="$value.tag_plugin"}
63	{$value}	63	{$value}