Prevent XSS by escaping the output
This commit is contained in:
Olav Vitters
parent
57f9634ecb
commit
26d33af6e2
6 changed files with 40 additions and 31 deletions
|
|
@ -8,7 +8,7 @@ function step3_do () {
|
|||
|
||||
$result = "<h2>Step 3/4 - Confirm your vote</h2>\n";
|
||||
|
||||
$result .= "<p><strong>".$election["question"]."</strong></p>\n";
|
||||
$result .= "<p><strong>".htmlspecialchars($election["question"])."</strong></p>\n";
|
||||
if (count ($votes_array) >= 1) {
|
||||
$result .= "<p>You choose to vote for:</p>\n";
|
||||
|
||||
|
|
@ -18,15 +18,15 @@ function step3_do () {
|
|||
$found = FALSE;
|
||||
foreach ($choices as $choice) {
|
||||
if ($choice["id"] == $vote) {
|
||||
$result .= "<li>".$choice["choice"]."</li>\n";
|
||||
$result .= "<li>".htmlspecialchars($choice["choice"])."</li>\n";
|
||||
$found = TRUE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$found) {
|
||||
$result .= "<li>Unknown vote: ".$vote."</li>\n";
|
||||
$error .= "There was an unkown vote: ".$vote."<br />\n";
|
||||
$result .= "<li>Unknown vote: ".htmlspecialchars($vote)."</li>\n";
|
||||
$error .= "There was an unkown vote: ".htmlspecialchars($vote)."<br />\n";
|
||||
}
|
||||
}
|
||||
$result .= "</ol>\n";
|
||||
|
|
|
|||
|
|
@ -95,7 +95,7 @@ function step4_do () {
|
|||
$result .= "<h2>Step 4/4 - Keep your anonymous token</h2>\n";
|
||||
$result .= "<h3>Your vote has been received.</h3>\n";
|
||||
$result .= "<p>Please write this anonymous token somewhere:</p>\n";
|
||||
$result .= "<div class=\"votedata\"><p><strong><span class=\"token\">".$anon_token."</span></strong></p></div>\n";
|
||||
$result .= "<div class=\"votedata\"><p><strong><span class=\"token\">".htmlspecialchars($anon_token)."</span></strong></p></div>\n";
|
||||
$result .= "<p>This anonymous token will enable you to verify your vote when the preliminary results will be published. Nobody, even the Membership and Elections Committee, except you knows that this token is associated with you and only you will be able to verify your vote. It is not possible to request this anonymous token later.</p>\n";
|
||||
|
||||
return $result;
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ if (count ($current_elections) > 0) {
|
|||
<ul>
|
||||
<?php
|
||||
foreach ($current_elections as $election) {
|
||||
echo " <li><a href=\"vote.php?election_id=".$election["id"]."\">".$election["name"]."</a></li>\n";
|
||||
echo " <li><a href=\"vote.php?election_id=".rawurlencode($election["id"])."\">".htmlspecialchars($election["name"])."</a></li>\n";
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
|
|
@ -57,7 +57,7 @@ if (count ($previous_elections) > 0) {
|
|||
<ul>
|
||||
<?php
|
||||
foreach ($previous_elections as $election) {
|
||||
echo " <li><a href=\"results.php?election_id=".$election["id"]."\">".$election["name"]."</a></li>\n";
|
||||
echo " <li><a href=\"results.php?election_id=".rawurlencode($election["id"])."\">".htmlspecialchars($election["name"])."</a></li>\n";
|
||||
}
|
||||
?>
|
||||
</ul>
|
||||
|
|
|
|||
|
|
@ -47,24 +47,24 @@ if ($display && $election_id >= 0) {
|
|||
if (isset ($election) && $election !== FALSE) {
|
||||
if ($results !== FALSE)
|
||||
{
|
||||
echo "<h1>Results for the ".$election["name"]."</h1>\n";
|
||||
echo "<h1>Results for the ".htmlspecialchars($election["name"])."</h1>\n";
|
||||
} else {
|
||||
$error .= "The voting period for the specified ".elec_election_get_type ($election)." has closed, but the results of the election have not yet been calculated. It is not possible to see the results now.<br />\n";
|
||||
echo "<p>In the meantime, you can look at the <a href=\"votes.php?election_id=".$election_id."\">list of all votes</a> and verify that your vote is correct.</p>\n";
|
||||
echo "<p>In the meantime, you can look at the <a href=\"votes.php?election_id=".rawurlencode($election_id)."\">list of all votes</a> and verify that your vote is correct.</p>\n";
|
||||
$display = FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
if ($display) {
|
||||
echo "<hr/>";
|
||||
echo $results["result"];
|
||||
echo htmlspecialchars($results["result"]);
|
||||
echo "<hr/>";
|
||||
|
||||
echo "<p>Please look at the <a href=\"votes.php?election_id=".$election_id."\">list of all votes</a> and verify that your vote is correct.</p>\n";
|
||||
echo "<p>Please look at the <a href=\"votes.php?election_id=".rawurlencode($election_id)."\">list of all votes</a> and verify that your vote is correct.</p>\n";
|
||||
}
|
||||
|
||||
if (isset ($error) && $error != "") {
|
||||
echo "<div class=\"error\">".$error."</div>\n";;
|
||||
echo "<div class=\"error\">".htmlspecialchars($error)."</div>\n";;
|
||||
echo "<p>If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at <a href=\"mailto:elections@gnome.org\">elections@gnome.org</a>.</p>\n";
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -106,6 +106,15 @@ cursor: pointer;
|
|||
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||
|
||||
<?php
|
||||
|
||||
function escape_js_var($var) {
|
||||
$var = preg_replace("([\\\'\"\/])", "\\$1");
|
||||
$var = str_replace("\n", "\\n");
|
||||
$var = str_replace("\r", "\\r");
|
||||
|
||||
return $var;
|
||||
}
|
||||
|
||||
if ($step==2)
|
||||
{
|
||||
?>
|
||||
|
|
@ -137,9 +146,9 @@ function populateList(){
|
|||
foreach ($choices as $choice) {
|
||||
$index++;
|
||||
echo " listItem = document.createElement('li');\n";
|
||||
echo " listItem.setAttribute('name', 'vote" . $choice["id"] . "');\n";
|
||||
echo " listItem.setAttribute('name', 'vote" . escape_js_var($choice["id"]) . "');\n";
|
||||
echo " listItem.setAttribute('onclick', 'addPreference(this)');\n";
|
||||
echo " listItemText = document.createTextNode('" . $choice["choice"] . "');\n";
|
||||
echo " listItemText = document.createTextNode('" . escape_js_var($choice["choice"]) . "');\n";
|
||||
echo " listItem.appendChild(listItemText);\n";
|
||||
echo " candidateList.appendChild(listItem);\n\n";
|
||||
|
||||
|
|
@ -201,7 +210,7 @@ if ($step==2){
|
|||
|
||||
|
||||
if (isset ($election) && $election !== FALSE) {
|
||||
echo "<h1>".$election["name"]."</h1>\n";
|
||||
echo "<h1>".htmlspecialchars($election["name"])."</h1>\n";
|
||||
}
|
||||
|
||||
if ($step >= 2) {
|
||||
|
|
@ -245,24 +254,24 @@ if (isset ($handle))
|
|||
elec_sql_close ($handle);
|
||||
|
||||
if (isset ($error) && $error != "") {
|
||||
echo "<div class=\"error\">".$error."</div>\n";;
|
||||
echo "<div class=\"error\">".htmlspecialchars($error)."</div>\n";;
|
||||
echo "<p>If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at <a href=\"mailto:elections@gnome.org\">elections@gnome.org</a>.</p>\n";
|
||||
}
|
||||
|
||||
if ($step != $max_step && $step >= 1) {
|
||||
echo "<form action=\"".$_SERVER['PHP_SELF']."\" method=\"post\"";
|
||||
echo "<form action=\"".htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)."\" method=\"post\"";
|
||||
if ($step == 2) {
|
||||
echo "onsubmit=\"submitPreferences()\"";
|
||||
}
|
||||
echo ">\n";
|
||||
}
|
||||
|
||||
echo $result;
|
||||
echo $result; // already HTML escaped
|
||||
|
||||
if ($step != $max_step && $step >= 1) {
|
||||
if ($step > 1) {
|
||||
echo " <input type=\"hidden\" name=\"email\" value=\"".$email."\" />\n";
|
||||
echo " <input type=\"hidden\" name=\"tmp_token\" value=\"".$tmp_token."\" />\n";
|
||||
echo " <input type=\"hidden\" name=\"email\" value=\"". htmlspecialchars($email)."\" />\n";
|
||||
echo " <input type=\"hidden\" name=\"tmp_token\" value=\"".htmlspecialchars($tmp_token)."\" />\n";
|
||||
}
|
||||
if ($step > 2) {
|
||||
$index=0;
|
||||
|
|
@ -272,11 +281,11 @@ if ($step != $max_step && $step >= 1) {
|
|||
$name = "pref".$index;
|
||||
$value = "vote".$vote;
|
||||
|
||||
echo " <input type=\"hidden\" name=\"".$name."\" value=\"".$value."\" />\n";
|
||||
echo " <input type=\"hidden\" name=\"".htmlspecialchars($name)."\" value=\"".htmlspecialchars($value)."\" />\n";
|
||||
}
|
||||
}
|
||||
echo " <input type=\"hidden\" name=\"election_id\" value=\"".$election_id."\" />\n";
|
||||
echo " <input type=\"hidden\" name=\"step\" value=\"".($step + 1)."\" />\n";
|
||||
echo " <input type=\"hidden\" name=\"election_id\" value=\"".htmlspecialchars($election_id)."\" />\n";
|
||||
echo " <input type=\"hidden\" name=\"step\" value=\"".htmlspecialchars($step + 1)."\" />\n";
|
||||
echo " <input type=\"submit\" value=\"Continue to next step\" />\n";
|
||||
echo "</form>\n";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -41,7 +41,7 @@ if ($display && $election_id >= 0) {
|
|||
}
|
||||
|
||||
if (isset ($election) && $election !== FALSE) {
|
||||
echo "<h1>Detailed votes for the ".$election["name"]."</h1>\n";
|
||||
echo "<h1>Detailed votes for the ".htmlspecialchars($election["name"])."</h1>\n";
|
||||
}
|
||||
|
||||
if ($display) {
|
||||
|
|
@ -66,12 +66,12 @@ if ($display) {
|
|||
$choices_name[$choice["id"]] = $choice["choice"];
|
||||
}
|
||||
|
||||
echo "<p>Please look at the <a href=\"results.php?election_id=".$election_id."\">automatic results</a> to have a summary of the votes. ";
|
||||
echo "You can also <a href=\"blt.php?election_id=".$election_id."\">download the ballots</a> in the OpenSTV .blt file format and verify the results.</p>\n";
|
||||
echo "<p>Please look at the <a href=\"results.php?election_id=".rawurlencode($election_id)."\">automatic results</a> to have a summary of the votes. ";
|
||||
echo "You can also <a href=\"blt.php?election_id=".rawurlencode($election_id)."\">download the ballots</a> in the OpenSTV .blt file format and verify the results.</p>\n";
|
||||
|
||||
echo "<p>Please note that these results are automatically calculated and are thus not the official results.</p>\n";
|
||||
|
||||
echo "<p><strong>".$election["question"]."</strong></p>\n";
|
||||
echo "<p><strong>".htmlspecialchars($election["question"])."</strong></p>\n";
|
||||
|
||||
echo "<table class=\"detailedvotes\">\n<tr><th>Anonymous token</th><th>Vote(s)</th></tr>\n";
|
||||
$color = TRUE;
|
||||
|
|
@ -83,7 +83,7 @@ if ($display) {
|
|||
$class = "colorB";
|
||||
|
||||
echo "<tr class=\"".$class."\">\n";
|
||||
echo "<td><span class=\"token\">".$anon_token["anon_token"]."</span></td>\n";
|
||||
echo "<td><span class=\"token\">".htmlspecialchars($anon_token["anon_token"])."</span></td>\n";
|
||||
|
||||
echo "<td>";
|
||||
|
||||
|
|
@ -96,9 +96,9 @@ if ($display) {
|
|||
echo "<ol>";
|
||||
foreach ($votes as $vote) {
|
||||
if (array_key_exists ($vote["choice_id"], $choices_name))
|
||||
echo "<li><em>".$votes["preference"]." ".$choices_name[$vote["choice_id"]]."</em></li>\n";
|
||||
echo "<li><em>".htmlspecialchars($votes["preference"])." ".htmlspecialchars($choices_name[$vote["choice_id"]])."</em></li>\n";
|
||||
else {
|
||||
echo "<li><em>Unknown value (".$vote["choice_id"].")</em></li>\n";
|
||||
echo "<li><em>Unknown value (".htmlspecialchars($vote["choice_id"]).")</em></li>\n";
|
||||
$error .= "There was an unkown vote for anonymous token ".$anon_token["anon_token"].": ".$vote["choice_id"]."<br />\n";
|
||||
}
|
||||
}
|
||||
|
|
@ -114,7 +114,7 @@ if ($display) {
|
|||
}
|
||||
|
||||
if (isset ($error) && $error != "") {
|
||||
echo "<div class=\"error\">".$error."</div>\n";;
|
||||
echo "<div class=\"error\">".htmlspecialchars($error)."</div>\n";;
|
||||
echo "<p>If you don't understand the error, you should probably contact the Membership and Elections Committee, which can be reached at <a href=\"mailto:elections@gnome.org\">elections@gnome.org</a>.</p>\n";
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue