From 4cf6c0797755e85ef7575cbd4c6482b643d2972b Mon Sep 17 00:00:00 2001 From: Roy Date: Wed, 3 Apr 2024 14:44:34 +0200 Subject: [PATCH] Dnn.Platform: Prevent XSS attacks through direct access to certain DB columns. --- ...-attacks-through-access-to-database-.patch | 40 +++++++++++++++++++ ...p-prevent-XSS-attacks-through-access.patch | 26 ++++++++++++ 2 files changed, 66 insertions(+) create mode 100644 dnnsoftware/Dnn.Platform/0001-Help-prevent-XSS-attacks-through-access-to-database-.patch create mode 100644 dnnsoftware/Dnn.Platform/0002-Unverified-.-Help-prevent-XSS-attacks-through-access.patch diff --git a/dnnsoftware/Dnn.Platform/0001-Help-prevent-XSS-attacks-through-access-to-database-.patch b/dnnsoftware/Dnn.Platform/0001-Help-prevent-XSS-attacks-through-access-to-database-.patch new file mode 100644 index 0000000..99b74d3 --- /dev/null +++ b/dnnsoftware/Dnn.Platform/0001-Help-prevent-XSS-attacks-through-access-to-database-.patch @@ -0,0 +1,40 @@ +From 999f5e1e7467fc688f00515e14ff247cdeb730d3 Mon Sep 17 00:00:00 2001 +From: Roy +Date: Wed, 27 Mar 2024 13:38:58 +0100 +Subject: [PATCH 1/2] Help prevent XSS attacks through access to database + "displayName" column. + +--- + DNN Platform/Modules/Journal/Scripts/mentionsInput.js | 2 +- + .../admin/personaBar/scripts/permissionGrid.js | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/DNN Platform/Modules/Journal/Scripts/mentionsInput.js b/DNN Platform/Modules/Journal/Scripts/mentionsInput.js +index 6672d9694f..064588c833 100644 +--- a/DNN Platform/Modules/Journal/Scripts/mentionsInput.js ++++ b/DNN Platform/Modules/Journal/Scripts/mentionsInput.js +@@ -162,7 +162,7 @@ + $this.data('ui-autocomplete')._renderItem = function(ul, item) { + return $('
  • ') + .data('ui-autocomplete-item', item) +- .append('' + item.displayName + '') ++ .append('' + $('').text(dnn.decodeHTML(item.displayName)) + '') + .appendTo(ul); + }; + +diff --git a/Dnn.AdminExperience/Library/Dnn.PersonaBar.UI/admin/personaBar/scripts/permissionGrid.js b/Dnn.AdminExperience/Library/Dnn.PersonaBar.UI/admin/personaBar/scripts/permissionGrid.js +index cca1593c04..e096a53944 100644 +--- a/Dnn.AdminExperience/Library/Dnn.PersonaBar.UI/admin/personaBar/scripts/permissionGrid.js ++++ b/Dnn.AdminExperience/Library/Dnn.PersonaBar.UI/admin/personaBar/scripts/permissionGrid.js +@@ -109,7 +109,7 @@ if (typeof dnn.controls === "undefined" || dnn.controls === null) { dnn.controls + var cols = header.find('>td:not(:first-child)'); + var row = $(''); + row.data('key', type == "users" ? data.userId : data.roleId); +- row.append('' + (type == "users" ? data.displayName : data.roleName) + ""); ++ row.append($('').text(dnn.decodeHTML(type == "users" ? data.displayName : data.roleName))); + for (var i = 0; i < cols.length; i++) { + var headerCol = cols.eq(i); + var permissionId = headerCol.data('permissionId'); +-- +2.32.0 + diff --git a/dnnsoftware/Dnn.Platform/0002-Unverified-.-Help-prevent-XSS-attacks-through-access.patch b/dnnsoftware/Dnn.Platform/0002-Unverified-.-Help-prevent-XSS-attacks-through-access.patch new file mode 100644 index 0000000..e7c17c8 --- /dev/null +++ b/dnnsoftware/Dnn.Platform/0002-Unverified-.-Help-prevent-XSS-attacks-through-access.patch @@ -0,0 +1,26 @@ +From 42ec718703ae82e617ff895d3db93b7ab529c372 Mon Sep 17 00:00:00 2001 +From: Roy +Date: Wed, 27 Mar 2024 13:39:14 +0100 +Subject: [PATCH 2/2] (Unverified). Help prevent XSS attacks through access to + database. + +--- + .../Shared/components/ComposeMessage/ComposeMessage.js | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/DNN Platform/Website/Resources/Shared/components/ComposeMessage/ComposeMessage.js b/DNN Platform/Website/Resources/Shared/components/ComposeMessage/ComposeMessage.js +index 4f4d8d0ea3..d0bd4e2549 100644 +--- a/DNN Platform/Website/Resources/Shared/components/ComposeMessage/ComposeMessage.js ++++ b/DNN Platform/Website/Resources/Shared/components/ComposeMessage/ComposeMessage.js +@@ -63,7 +63,7 @@ + function attachFile(file) { + if ($.inArray(file.id, attachments) === -1) { + attachments.push(file.id); +- composeMessageDialog.find('.messageAttachments ul').append('
  • ' + file.name + '
  • '); ++ composeMessageDialog.find('.messageAttachments ul').append('
  • ' + $('').attr('title', dnn.decodeHTML(file.name)).text(dnn.decodeHTML(file.name)).after('
  • ')); + composeMessageDialog.find('.messageAttachments li:last-child .removeAttachment').click(function () { + var index = $.inArray(file.id, attachments); + if (index !== -1) { +-- +2.32.0 +