Incorrect encoding of conditions

diff --git a/wcfsetup/install/files/lib/system/condition/AbstractMultiCategoryCondition.class.php b/wcfsetup/install/files/lib/system/condition/AbstractMultiCategoryCondition.class.php
index 63732ff5f7aef960f39f12330e28d76b96eda97a..afe497fa2560b0eba9e927f73c0c6212577c7326 100644 (file)
--- a/wcfsetup/install/files/lib/system/condition/AbstractMultiCategoryCondition.class.php
+++ b/wcfsetup/install/files/lib/system/condition/AbstractMultiCategoryCondition.class.php
@@ -3,6 +3,7 @@ namespace wcf\system\condition;
 use wcf\data\category\CategoryNode;
 use wcf\data\category\CategoryNodeTree;
 use wcf\system\category\CategoryHandler;
+use wcf\util\StringUtil;
 
 /**
  * Abstract implementation of a condition for selecting multiple categories.
@@ -37,7 +38,7 @@ abstract class AbstractMultiCategoryCondition extends AbstractMultiSelectConditi
                $fieldElement = '<select name="'.$this->fieldName.'[]" id="'.$this->fieldName.'" multiple size="'.($categoryCount >= 10 ? 10 : $categoryCount).'">';
                /** @var CategoryNode $categoryNode */
                foreach ($categoryTree as $categoryNode) {
-                       $fieldElement .= "<option value=\"{$categoryNode->categoryID}\"".(in_array($categoryNode->categoryID, $this->fieldValue) ? ' selected' : '').">".str_repeat("&nbsp;&nbsp;&nbsp;&nbsp;", $categoryNode->getDepth() - 1).$categoryNode->getTitle()."</option>";
+                       $fieldElement .= "<option value=\"{$categoryNode->categoryID}\"".(in_array($categoryNode->categoryID, $this->fieldValue) ? ' selected' : '').">".str_repeat("&nbsp;&nbsp;&nbsp;&nbsp;", $categoryNode->getDepth() - 1) . StringUtil::encodeHTML($categoryNode->getTitle()) . "</option>";
                }
                $fieldElement .= '</select>';
                

diff --git a/wcfsetup/install/files/lib/system/condition/AbstractMultiSelectCondition.class.php b/wcfsetup/install/files/lib/system/condition/AbstractMultiSelectCondition.class.php
index 90fd8df12d35bba595246de3de3777d9ef8f44d2..afbc7629e0d80bf4def8b27163d03c16d552d5ad 100644 (file)
--- a/wcfsetup/install/files/lib/system/condition/AbstractMultiSelectCondition.class.php
+++ b/wcfsetup/install/files/lib/system/condition/AbstractMultiSelectCondition.class.php
@@ -3,6 +3,7 @@ namespace wcf\system\condition;
 use wcf\system\exception\UserInputException;
 use wcf\system\WCF;
 use wcf\util\ArrayUtil;
+use wcf\util\StringUtil;
 
 /**
  * Abstract implementation of a condition with multi select options.
@@ -54,7 +55,7 @@ abstract class AbstractMultiSelectCondition extends AbstractSelectCondition {
         * @inheritDoc
         */
        protected function getOptionCode($value, $label) {
-               return '<option value="'.$value.'"'.(in_array($value, $this->fieldValue) ? ' selected' : '').'>'.WCF::getLanguage()->get($label).'</option>';
+               return '<option value="'.$value.'"'.(in_array($value, $this->fieldValue) ? ' selected' : '').'>' . StringUtil::encodeHTML(WCF::getLanguage()->get($label)) . '</option>';
        }
        
        /**

diff --git a/wcfsetup/install/files/lib/system/condition/AbstractSelectCondition.class.php b/wcfsetup/install/files/lib/system/condition/AbstractSelectCondition.class.php
index 7a6e18809020dd16334b6f45143dc6f06b016400..00fa564e39dc8f679445f05ff27d10d07fb4cf53 100644 (file)
--- a/wcfsetup/install/files/lib/system/condition/AbstractSelectCondition.class.php
+++ b/wcfsetup/install/files/lib/system/condition/AbstractSelectCondition.class.php
@@ -3,6 +3,7 @@ namespace wcf\system\condition;
 use wcf\data\condition\Condition;
 use wcf\system\exception\UserInputException;
 use wcf\system\WCF;
+use wcf\util\StringUtil;
 
 /**
  * Abstract implementation of a condition with select options.
@@ -79,7 +80,7 @@ abstract class AbstractSelectCondition extends AbstractSingleFieldCondition {
         * @return      string
         */
        protected function getOptGroupCode($label, array $options) {
-               $html = '<optgroup label="'.$label.'">';
+               $html = '<optgroup label="' . StringUtil::encodeHTML($label) . '">';
                foreach ($options as $key => $value) {
                        $html .= $this->getOptionCode($key, $value);
                }
@@ -96,7 +97,7 @@ abstract class AbstractSelectCondition extends AbstractSingleFieldCondition {
         * @return      string
         */
        protected function getOptionCode($value, $label) {
-               return '<option value="'.$value.'"'.($this->fieldValue == $value ? ' selected' : '').'>'.WCF::getLanguage()->get($label).'</option>';
+               return '<option value="'.$value.'"'.($this->fieldValue == $value ? ' selected' : '').'>' . StringUtil::encodeHTML(WCF::getLanguage()->get($label)) . '</option>';
        }
        
        /**

diff --git a/wcfsetup/install/files/lib/system/condition/UserGroupCondition.class.php b/wcfsetup/install/files/lib/system/condition/UserGroupCondition.class.php
index 144caa73b30063f663a8bd63c144f1a2b73a1451..b2470367e4e30dd060d70611ace9aa62df2e8b68 100644 (file)
--- a/wcfsetup/install/files/lib/system/condition/UserGroupCondition.class.php
+++ b/wcfsetup/install/files/lib/system/condition/UserGroupCondition.class.php
@@ -8,6 +8,7 @@ use wcf\data\DatabaseObjectList;
 use wcf\system\exception\UserInputException;
 use wcf\system\WCF;
 use wcf\util\ArrayUtil;
+use wcf\util\StringUtil;
 
 /**
  * Condition implementation for all of the user groups a user has to be a member
@@ -147,7 +148,7 @@ HTML;
                $returnValue = "";
                foreach ($userGroups as $userGroup) {
                        /** @noinspection PhpVariableVariableInspection */
-                       $returnValue .= "<label><input type=\"checkbox\" name=\"".$identifier."[]\" value=\"".$userGroup->groupID."\"".(in_array($userGroup->groupID, $this->$identifier) ? ' checked' : "")."> ".$userGroup->getName()."</label>";
+                       $returnValue .= "<label><input type=\"checkbox\" name=\"".$identifier."[]\" value=\"".$userGroup->groupID."\"".(in_array($userGroup->groupID, $this->$identifier) ? ' checked' : "")."> " . StringUtil::encodeHTML($userGroup->getName()) . "</label>";
                }
                
                return $returnValue;

diff --git a/wcfsetup/install/files/lib/system/io/Tar.class.php b/wcfsetup/install/files/lib/system/io/Tar.class.php
index ac3920b5d2b2487700982afe1d0f0b90c7b8a6ef..2258cd0c4cb28f69a8a445f378ef9a5423dc990c 100644 (file)
--- a/wcfsetup/install/files/lib/system/io/Tar.class.php
+++ b/wcfsetup/install/files/lib/system/io/Tar.class.php
@@ -313,7 +313,7 @@ class Tar implements IArchive {
                $data = unpack($format, $binaryData);
                
                // Extract the properties
-               $header['checksum'] = @octdec(trim($data['checksum']));
+               $header['checksum'] = octdec(trim($data['checksum']));
                if ($header['checksum'] == $checksum) {
                        $header['filename'] = trim($data['filename']);
                        $header['mode'] = octdec(trim($data['mode']));