Commit

fix XSS vulnerabilities in examples
spipu committed Jul 18, 2023
1 parent 0a75590 commit 92afd81
Showing 5 changed files with 19 additions and 44 deletions.
6 changes: 5 additions & 1 deletion CHANGELOG.md
@@ -2,9 +2,13 @@

All notable changes to this project will be documented in this file.

## [5.2.8](https://github.com/spipu/html2pdf/compare/v5.2.7...v5.2.8) - 2023-07-18

* fix XSS vulnerabilities in examples `example9.php` and `forms.php` - thanks to Michał Majchrowicz, Livio Victoriano and Zbigniew Piotrak from [AFINE Team](https://www.afine.pl/)

## [5.2.7](https://github.com/spipu/html2pdf/compare/v5.2.6...v5.2.7) - 2023-02-02

* fix phunit compatibility
* fix phunit compatibility

## [5.2.6](https://github.com/spipu/html2pdf/compare/v5.2.5...v5.2.6) - 2023-01-28

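Review bot: the 5.2.8 entry credits the reporters but never says what the issue was; one clause such as "the example scripts echoed `$_SERVER['HTTP_HOST']` and `REQUEST_URI` into HTML attributes unescaped" would let people who copied these examples judge their own exposure. The two identical `fix phunit compatibility` lines under 5.2.7 are pre-existing context (and `phunit` is a typo for `phpunit`); they could be collapsed into one corrected line in the same edit.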
29 changes: 12 additions & 17 deletions examples/example09.php
@@ -15,23 +15,18 @@
use Spipu\Html2Pdf\Exception\Html2PdfException;
use Spipu\Html2Pdf\Exception\ExceptionFormatter;

if (isset($_SERVER['REQUEST_URI'])) {
$generate = isset($_GET['make_pdf']);
$nom = isset($_GET['nom']) ? $_GET['nom'] : 'inconnu';
$url = dirname($_SERVER['REQUEST_URI']);
if (substr($url, 0, 7)!=='http://') {
$url = 'http://'.$_SERVER['HTTP_HOST'].$url;
}
} else {
$name = 'spipu';
$generate = false;

if (isset($_GET['nom'])) {
$generate = true;
$name = $_GET['nom'];
$name = preg_replace('/[^a-zA-Z0-9]/isU', '', $name);
$name = substr($name, 0, 26);
} else if (!isset($_SERVER['REQUEST_URI'])) {
$generate = true;
$nom = 'spipu';
$url = 'http://localhost/html2pdf/examples/';
}

$nom = substr(preg_replace('/[^a-zA-Z0-9]/isU', '', $nom), 0, 26);
$url.= '/res/example09.png.php?px=5&py=20';


if ($generate) {
ob_start();
} else {
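Review bot: the removed block is the actual sink: `$url` was assembled from `dirname($_SERVER['REQUEST_URI'])` and `$_SERVER['HTTP_HOST']`, both of which come straight from the request, and was echoed into an `<img src>` attribute further down, so deleting the computation rather than escaping it is the right call. The `$name` handling is a sound allow-list (`preg_replace('/[^a-zA-Z0-9]/isU', '', ...)` then `substr(..., 0, 26)`), so echoing `$name` later stays safe. One behavioural change to confirm: `$generate` used to be `isset($_GET['make_pdf'])` and is now driven only by the presence of `nom`, so the form in the `else` branch below this hunk needs to submit a `nom` field or the PDF path is never taken.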
@@ -49,13 +44,13 @@
<br>
Ceci est un exemple de génération de PDF via un bouton :)<br>
<br>
<img src="<?php echo $url; ?>" alt="image_php" ><br>
<img src="http://html2pdf-dev.lxd/res/example09.png.php?px=5&amp;py=20" alt="image_php" ><br>
<br>
<?php
if ($generate) {
?>
Bonjour <b><?php echo $nom; ?></b>, ton nom peut s'écrire : <br>
<barcode type="C39" value="<?php echo strtoupper($nom); ?>" style="color: #770000" ></barcode><hr>
Bonjour <b><?php echo $name; ?></b>, ton nom peut s'écrire : <br>
<barcode type="C39" value="<?php echo strtoupper($name); ?>" style="color: #770000" ></barcode><hr>
<br>
<?php
}
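Review bot: `http://html2pdf-dev.lxd/res/example09.png.php?px=5&amp;py=20` hard-codes a developer's local hostname, so the image will not load for anyone else running the example. A path relative to the example script, `res/example09.png.php?px=5&amp;py=20`, would work in any deployment (assuming the image loader resolves relative paths) and keeps the intent of no longer deriving the URL from request headers; if an absolute URL is really required, build it from a configured base value and pass it through `htmlspecialchars()` before echoing. The `$nom` to `$name` rename in the `Bonjour` line and the barcode `value` matches the first hunk.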
8 changes: 0 additions & 8 deletions examples/forms.php
@@ -15,14 +15,6 @@
use Spipu\Html2Pdf\Exception\Html2PdfException;
use Spipu\Html2Pdf\Exception\ExceptionFormatter;

// for display the post information
if (isset($_POST['test'])) {
echo '<pre>';
echo htmlentities(print_r($_POST, true));
echo '</pre>';
exit;
}

try {
ob_start();
require dirname(__FILE__).'/res/forms.php';
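Review bot: the deleted handler already passed `$_POST` through `htmlentities()` before echoing, so on its own it was not an unescaped sink; the removal only makes sense together with dropping the `action` attribute and the submit button in `examples/res/forms.php` in this same commit, which turns the form into a display-only example. The commit message could say so explicitly, because read in isolation this hunk looks like the removal of a harmless debug print.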
18 changes: 1 addition & 17 deletions examples/res/forms.php
@@ -1,18 +1,3 @@
<?php

if (isset($_SERVER['REQUEST_URI'])) {
$url = $_SERVER['REQUEST_URI'];
if (substr($url, 0, 7)!=='http://') {
$url = 'http://'.$_SERVER['HTTP_HOST'];
if (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT']!=80) {
$url.= ':'.$_SERVER['SERVER_PORT'];
}
$url.= $_SERVER['REQUEST_URI'];
}
} else {
$url = 'http://localhost/html2pdf/examples/forms.php';
}
?>
<style type="text/css">
li
{ font-size: 10pt; }
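Review bot: this is the reflected sink for `forms.php`: `$_SERVER['REQUEST_URI']`, `HTTP_HOST` and `SERVER_PORT` were concatenated into `$url` and later echoed into the form's `action` attribute with no escaping, so request-controlled text landed in the attribute verbatim. Removing the computation is cleaner than escaping it. Note too that the `substr($url, 0, 7) !== 'http://'` test on `REQUEST_URI` was effectively always true, since `REQUEST_URI` normally holds only the path, so the inner branch ran on every request.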
@@ -29,7 +14,7 @@
<page footer="form,date,time">
<h1>Test de formulaire</h1><br>
<br>
<form action="<?php echo $url; ?>">
<form>
<input type="hidden" name="test" value="1">
Vous utilisez cette librairie dans le cadre :
<ul style="list-style: none">
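Review bot: a `<form>` without `action` submits to the current document URL, which is exactly what the removed code tried to reconstruct by hand from request headers, so the browser-side behaviour of the HTML view is unchanged while the attribute no longer carries request-derived content.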
@@ -66,6 +51,5 @@
<br>
<input type="reset" name="btn_reset" value="Initialiser">
<input type="button" name="btn_print" value="Imprimer" onclick="print(true);">
<input type="submit" name="btn_submit" value="Envoyer">
</form>
</page>
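Review bot: with the submit button gone and the `$_POST` handler removed from `examples/forms.php`, the example no longer demonstrates a form round trip; only the `reset` button and the `print(true)` button remain. A short remark in the example or the CHANGELOG that submission was dropped deliberately would save the next reader from treating it as a regression.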
2 changes: 1 addition & 1 deletion src/Html2Pdf.php
@@ -247,7 +247,7 @@ public function getVersionAsArray()
return array(
'major' => 5,
'minor' => 2,
'revision' => 7
'revision' => 8
);
}
