Module: check_mk
Branch: master
Commit: 851a9ef962ee30605030fae820bd82941946e138
URL:
http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=851a9ef962ee30…
Author: Lars Michelsen <lm(a)mathias-kettner.de>
Date: Thu Sep 13 18:19:42 2018 +0200
6565 SEC Fixed possible XSS issues in Bookmarks snapin
We've discovered and fixed several possible XSS issues affecting
the Bookmarks snapin. These could be used to execute arbitrary
javascript code in the context of an authenticated user.
Change-Id: I00bcaf7fb226ecbc2da68c4e5d851fc6787c9967
---
.werks/6565 | 12 ++++++++++++
cmk/gui/htmllib.py | 4 ++--
cmk/gui/plugins/sidebar/utils.py | 2 +-
3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/.werks/6565 b/.werks/6565
new file mode 100644
index 0000000..b238de7
--- /dev/null
+++ b/.werks/6565
@@ -0,0 +1,12 @@
+Title: Fixed possible XSS issues in Bookmarks snapin
+Level: 1
+Component: multisite
+Compatible: compat
+Edition: cre
+Version: 1.6.0i1
+Date: 1536855459
+Class: security
+
+We've discovered and fixed several possible XSS issues affecting
+the Bookmarks snapin. These could be used to execute arbitrary
+javascript code in the context of an authenticated user.
diff --git a/cmk/gui/htmllib.py b/cmk/gui/htmllib.py
index 92fe1e6..303fa8f 100644
--- a/cmk/gui/htmllib.py
+++ b/cmk/gui/htmllib.py
@@ -2593,8 +2593,8 @@ class html(HTMLGenerator):
if self._user_id:
isopen = self.foldable_container_is_open(treename, id, isopen)
- onclick = "toggle_foldable_container(\'%s\', \'%s\',
\'%s\')"\
- % (treename, id, fetch_url if fetch_url else '')
+ onclick = "toggle_foldable_container(%s, %s, %s)"\
+ % (json.dumps(treename), json.dumps(id), json.dumps(fetch_url if
fetch_url else ''))
img_id = "treeimg.%s.%s" % (treename, id)
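Review bot: At the new `onclick = ...` line, `json.dumps` makes each argument a JavaScript string literal, but the value is still placed in an HTML attribute; the hunk does not show how `onclick` is emitted, so confirm that the renderer attribute-escapes the double quotes (and any `<`/`&`) that `json.dumps` leaves as-is, otherwise the JS string boundary is protected while the attribute boundary is not. A smaller consequence: a non-string `id` or `treename` (e.g. an int) is now serialized as a JS number where the old `'%s'` form always produced a quoted string, so `json.dumps(str(id))` would keep the previous contract if any caller depends on it. A why-comment would protect the fix from being reverted to format-string quoting, e.g. `# json.dumps yields JS string literals, so a quote in treename/id/fetch_url cannot terminate the argument`. The conditional can also be written `json.dumps(fetch_url or '')`. The enclosing method begins and ends outside this hunk.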
diff --git a/cmk/gui/plugins/sidebar/utils.py b/cmk/gui/plugins/sidebar/utils.py
index 54d1b07..aed44c0 100644
--- a/cmk/gui/plugins/sidebar/utils.py
+++ b/cmk/gui/plugins/sidebar/utils.py
@@ -259,7 +259,7 @@ def bulletlink(text, url, target="main", onclick = None):
def iconlink(text, url, icon):
html.open_a(class_=["iconlink", "link"], target="main",
href=url)
html.icon(icon=icon, help=None, cssclass="inline")
- html.write(text)
+ html.write_text(text)
html.close_a()
html.br()
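Review bot: `html.write_text(text)` renders the label as text, but `url` on the `html.open_a(... href=url)` line above is forwarded unchanged; even if `open_a` attribute-escapes it (not visible here), escaping does not reject a bookmark URL with a non-http(s) scheme, so if `url` can come from user-edited bookmarks a scheme allowlist (http, https, relative) where the bookmark is stored or rendered would close the remaining gap. `iconlink` also has no docstring; a one-liner such as `"""Write an <a> to target "main" with a leading icon; the label goes through write_text so it is emitted as text, not markup."""` would record what this commit changed. The `icon` argument is likewise passed straight to `html.icon`, which is fine only if that helper treats it as an icon name rather than markup.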