Add stronger input validation/output escaping for theme, tags and categories vars

This commit is contained in:
Marcus Hill 2023-03-05 19:13:48 +00:00
parent 5640a22c18
commit feb0267002
8 changed files with 42 additions and 42 deletions


@ -1,5 +1,5 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
<!-- Sidebar -->
<div class="sidebar">
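Review bot: `htmlentities($config_theme)` on the new `<aside>` line relies on PHP's default flags and charset, which differ by version (ENT_COMPAT before 8.1, ENT_QUOTES | ENT_SUBSTITUTE from 8.1); inside a double-quoted `class` attribute that is sufficient, but an explicit call is version-independent and clearer about the context: `htmlspecialchars($config_theme, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Passing null (for instance when no settings row exists yet) also triggers a deprecation notice on 8.1+, so `$config_theme ?? ''` may be wanted if that state is reachable. The same one-line change appears in the `<body>` hunk of the next file, in the two other sidebar sections and in the navbar section further down, so the same adjustment applies there.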


@ -36,5 +36,5 @@ header("X-Frame-Options: DENY");
<script src="plugins/toastr/toastr.min.js"></script>
</head>
<body class="hold-transition sidebar-mini layout-fixed accent-<?php echo $config_theme; ?>">
<body class="hold-transition sidebar-mini layout-fixed accent-<?php echo htmlentities($config_theme); ?>">
<div class="wrapper text-sm">


@ -1,4 +1,4 @@
<?php
$name = sanitizeInput($_POST['name']);
$type = sanitizeInput($_POST['type']);
$color = sanitizeInput($_POST['color']);
$color = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['color']));
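Review bot: The new `$color` line strips disallowed characters instead of rejecting the value, so a malformed submission silently becomes a different (possibly empty) colour rather than an error; if the form offers a fixed palette, an allowlist check such as `in_array($color, $allowed_colors, true)` with an explicit rejection path is tighter (`$allowed_colors` standing for whatever list the form uses). `$type` on the line above is still only passed through `sanitizeInput`, whereas the handler in the next file casts it with `intval`; if the tag type is numeric, the same cast would be consistent and stricter. `$_POST['color']` is also read without an `isset`/`??` guard, so a missing field raises a warning before sanitizing runs. The rest of the handler is outside the hunk.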


@ -1,5 +1,5 @@
<?php
$name = sanitizeInput($_POST['name']);
$type = intval($_POST['type']);
$color = sanitizeInput($_POST['color']);
$icon = sanitizeInput($_POST['icon']);
$color = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['color']));
$icon = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['icon']));
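Review bot: The `[^0-9a-zA-Z_]` class on the new `$icon` line removes hyphens, so if icon names are stored in Font Awesome form (the sidebar touched by this same commit uses classes like `fa-life-ring`), a value such as `life-ring` would be saved as `lifering` and no longer render; if that is the storage format, the pattern should be `/[^0-9a-zA-Z_-]/` for `$icon`, and likewise for `$color` if colour names are hyphenated. As with the tags handler, stripping silently alters input instead of rejecting it, which hides client-side bugs. Where these values are written is past the end of the hunk, so I cannot see whether they are additionally validated there.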


@ -870,7 +870,7 @@ if(isset($_POST['edit_theme_settings'])){
validateAdminRole();
$theme = sanitizeInput($_POST['theme']);
$theme = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['theme']));
mysqli_query($mysqli,"UPDATE settings SET config_theme = '$theme' WHERE company_id = $session_company_id");
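Review bot: The character allowlist on the new `$theme` line makes the interpolation on the next line safe, but the `UPDATE` still builds SQL from a string, so its safety depends on that filter never being loosened; a prepared statement, `$stmt = mysqli_prepare($mysqli, 'UPDATE settings SET config_theme = ? WHERE company_id = ?'); mysqli_stmt_bind_param($stmt, 'si', $theme, $session_company_id);` (type string adjusted to the actual column types), removes that coupling. Since `$theme` ends up in CSS class names (`sidebar-dark-…`, `accent-…`), validating against the set of themes the settings page actually offers, e.g. `in_array($theme, $allowed_themes, true)`, would also reject unknown or empty values instead of storing them; `$allowed_themes` is a placeholder for that list. The enclosing `if` block continues past the hunk.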


@ -1,5 +1,5 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
<!-- Sidebar -->
<div class="sidebar">
@ -8,7 +8,7 @@
<nav class="mt-2">
<ul class="nav nav-pills nav-sidebar flex-column" data-widget="treeview" data-accordion="false">
<li class="nav-item mb-2">
<a href="dashboard_financial.php" class="nav-link">
<i class="nav-icon fas fa-arrow-left"></i>
@ -24,7 +24,7 @@
<p>Users</p>
</a>
</li>
<li class="nav-item">
<a href="companies.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "companies.php") { echo "active"; } ?>">
<i class="nav-icon far fa-building"></i>
@ -82,71 +82,71 @@
<li class="nav-header mt-3">SETTINGS</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_theme.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_theme.php") { echo "active"; } ?>"
href="settings_theme.php">
<i class="nav-icon fa fa-palette"></i>
<p>Theme</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_mail.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_mail.php") { echo "active"; } ?>"
href="settings_mail.php">
<i class="nav-icon far fa-envelope"></i>
<p>Mail</p>
</a>
</a>
</li>
<?php if ($config_module_enable_accounting) { ?>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_defaults.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_defaults.php") { echo "active"; } ?>"
href="settings_defaults.php">
<i class="nav-icon fas fa-cog"></i>
<p>Defaults</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_invoice.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_invoice.php") { echo "active"; } ?>"
href="settings_invoice.php">
<i class="nav-icon fas fa-file"></i>
<p>Invoice</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_quote.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_quote.php") { echo "active"; } ?>"
href="settings_quote.php">
<i class="nav-icon far fa-file"></i>
<p>Quote</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_alerts.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_alerts.php") { echo "active"; } ?>"
href="settings_alerts.php">
<i class="nav-icon far fa-bell"></i>
<p>Alerts</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_online_payment.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_online_payment.php") { echo "active"; } ?>"
href="settings_online_payment.php">
<i class="nav-icon far fa-credit-card"></i>
<p>Online Payment</p>
</a>
</a>
</li>
<?php } ?>
<?php if ($config_module_enable_ticketing) { ?>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_ticket.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_ticket.php") { echo "active"; } ?>"
href="settings_ticket.php">
<i class="nav-icon fas fa-life-ring"></i>
<p>Ticket</p>
</a>
</a>
</li>
<?php } ?>
@ -154,31 +154,31 @@
<a href="settings_integrations.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_integrations.php") { echo "active"; } ?>">
<i class="nav-icon fas fa-puzzle-piece"></i>
<p>Integrations</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_update.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_update.php") { echo "active"; } ?>"
href="settings_update.php">
<i class="nav-icon fas fa-arrow-alt-circle-up"></i>
<p>Update</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_telemetry.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_telemetry.php") { echo "active"; } ?>"
href="settings_telemetry.php">
<i class="nav-icon fas fa-broadcast-tower"></i>
<p>Telemetry</p>
</a>
</a>
</li>
<li class="nav-item">
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_backup.php") { echo "active"; } ?>"
<a class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "settings_backup.php") { echo "active"; } ?>"
href="settings_backup.php">
<i class="nav-icon fas fa-database"></i>
<p>Backup</p>
</a>
</a>
</li>
<li class="nav-item">
@ -188,7 +188,7 @@
<p>Modules</p>
</a>
</li>
<li class="nav-item">
<a href="logs.php" class="nav-link <?php if (basename($_SERVER["PHP_SELF"]) == "logs.php") { echo "active"; } ?>">
<i class="nav-icon far fa-eye"></i>
@ -196,7 +196,7 @@
</a>
</li>
</ul>
</nav>
<!-- /.sidebar-menu -->
</div>
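Review bot: Apart from the `htmlentities($config_theme)` line in the first hunk, the remaining hunks in this file (`@ -82,71 +82,71`, `@ -154,31 +154,31` and the small ones around them) print each line twice with identical text, which looks like indentation-only edits. Bundling a reformat with a security fix makes the fix harder to audit and to backport, since the one functional line is buried in some seventy cosmetic ones. Splitting the whitespace changes into their own commit would keep this diff to the escaped line.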


@ -1,5 +1,5 @@
<!-- Main Sidebar Container -->
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
<!-- Sidebar -->
<div class="sidebar">


@ -1,5 +1,5 @@
<!-- Navbar -->
<nav class="main-header navbar navbar-expand navbar-<?php echo $config_theme; ?> navbar-dark">
<nav class="main-header navbar navbar-expand navbar-<?php echo htmlentities($config_theme); ?> navbar-dark">
<!-- Left navbar links -->
<ul class="navbar-nav">
@ -45,7 +45,7 @@
<a class="nav-link" data-toggle="dropdown" href="#" aria-expanded="false">
<i class="far fa-bell"></i>
<span class="badge badge-danger navbar-badge"><?php echo $num_notifications; ?></span>
</a>
<div class="dropdown-menu dropdown-menu-xlg dropdown-menu-right" style="left: inherit; right: 0px;">
<a href="notifications.php" class="dropdown-item dropdown-header"><i class="fas fa-fw fa-bell mr-2"></i><strong><?php echo $num_notifications; ?></strong> Notifications</a>
@ -65,7 +65,7 @@
</p>
<small class="text-secondary"><?php echo $notification; ?></small>
</a>
<?php
}
?>
@ -93,7 +93,7 @@
<?php } ?>
<!-- End New Notifications Dropdown -->
<li class="nav-item dropdown user-menu">
<a href="#" class="nav-link" data-toggle="dropdown">
<?php if (empty($session_avatar)) { ?>
@ -109,7 +109,7 @@
<?php if (empty($session_avatar)) { ?>
<i class="fas fa-user-circle fa-6x"></i>
<?php }else{ ?>
<img src="<?php echo "uploads/users/$session_user_id/$session_avatar"; ?>" class="img-circle">
<?php } ?>
<p>
@ -124,7 +124,7 @@
</li>
</ul>
</li>
</ul>
</nav>
<!-- /.navbar -->
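Review bot: The new escaping covers `$config_theme` in the `<nav>` class, but other values echoed within this file's hunks are still output raw: `$num_notifications` (badge and dropdown header), `$notification` in the `<small>` element, and `$session_avatar` inside the `img src` attribute. If any of those originate from user-editable data, the same treatment is warranted, e.g. `<small class="text-secondary"><?php echo htmlspecialchars($notification, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></small>` and `<?php echo htmlspecialchars("uploads/users/$session_user_id/$session_avatar", ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` for the avatar path. Whether they are already escaped on write (for example through `sanitizeInput`) is not visible from this diff, so this may be a no-op in practice.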