Mirrors/invoiceninja
1
0
Fork 0
mirror of https://github.com/invoiceninja/invoiceninja.git synced 2024-11-08 12:12:48 +01:00
Code Issues Releases Activity

Document - fix stored xss

Browse Source 
https://huntr.dev/bounties/99c4ed09-b66f-474a-bd74-eeccf9339fde/
This commit is contained in:
theworstcomrade 2021-11-18 23:02:04 +01:00
parent 2b8af442cc
commit 8816bd30c3
4 changed files with 1 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/Libraries/HTMLUtils.php
View File

@ -4,7 +4,6 @@ namespace App\Libraries;
use HTMLPurifier; use HTMLPurifier;
use HTMLPurifier_Config; use HTMLPurifier_Config;
use enshrined\svgSanitize\Sanitizer;
class HTMLUtils class HTMLUtils
{ {
@ -75,15 +74,4 @@ class HTMLUtils
return env($key, env($field, $default)); return env($key, env($field, $default));
} }
public static function sanitizeSVG($svg)
{
try {
$sanitizer = new Sanitizer();
return $sanitizer->sanitize($svg);
} catch(\Exception $e) {
return "";
}
}
} }

5
app/Models/Document.php
View File

@ -43,7 +43,7 @@ class Document extends EntityModel
'application/msword', 'application/msword',
'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel', 'application/excel', 'application/vnd.ms-excel', 'application/x-excel', 'application/x-msexcel',
'application/vnd.openxmlformats-officedocument.wordprocessingml.document', 'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/postscript', 'image/svg+xml', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', 'application/postscript',
'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/vnd.ms-powerpoint', 'application/vnd.openxmlformats-officedocument.presentationml.presentation', 'application/vnd.ms-powerpoint',
]; ];
@ -57,9 +57,6 @@ class Document extends EntityModel
'ai' => [ 'ai' => [
'mime' => 'application/postscript', 'mime' => 'application/postscript',
], ],
'svg' => [
'mime' => 'image/svg+xml',
],
'jpeg' => [ 'jpeg' => [
'mime' => 'image/jpeg', 'mime' => 'image/jpeg',
], ],

9
app/Ninja/Repositories/DocumentRepository.php
View File

@ -7,7 +7,6 @@ use DB;
use Form; use Form;
use Intervention\Image\ImageManager; use Intervention\Image\ImageManager;
use Utils; use Utils;
use App\Libraries\HTMLUtils;
class DocumentRepository extends BaseRepository class DocumentRepository extends BaseRepository
{ {
@ -84,14 +83,6 @@ class DocumentRepository extends BaseRepository
return 'File too large'; return 'File too large';
} }
if($documentType === 'svg') {
$stream = file_get_contents($filePath);
if(!($stream = HTMLUtils::sanitizeSVG($stream))) {
return 'Unsupported file type';
}
file_put_contents($filePath, $stream);
}
// don't allow a document to be linked to both an invoice and an expense // don't allow a document to be linked to both an invoice and an expense
if (array_get($data, 'invoice_id') && array_get($data, 'expense_id')) { if (array_get($data, 'invoice_id') && array_get($data, 'expense_id')) {
unset($data['expense_id']); unset($data['expense_id']);

1
composer.json
View File

@ -44,7 +44,6 @@
"digitickets/omnipay-realex": "~5.0", "digitickets/omnipay-realex": "~5.0",
"doctrine/dbal": "2.6.x", "doctrine/dbal": "2.6.x",
"dompdf/dompdf": "0.6.2", "dompdf/dompdf": "0.6.2",
"enshrined/svg-sanitize": "^0.14.1",
"ezyang/htmlpurifier": "~v4.7", "ezyang/htmlpurifier": "~v4.7",
"fotografde/omnipay-checkoutcom": "~2.0", "fotografde/omnipay-checkoutcom": "~2.0",
"fruitcakestudio/omnipay-sisow": "~2.0", "fruitcakestudio/omnipay-sisow": "~2.0",