From: Joshua Rüsweg Date: Mon, 6 Aug 2018 13:19:10 +0000 (+0200) Subject: Check data key and sanitize value for getDataAttributes X-Git-Tag: 5.2.0_Alpha_1~364^2~101^2~7 X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a87abbb24f77d5115138e90c5b51bfeec336db0b;p=GitHub%2FWoltLab%2FWCF.git Check data key and sanitize value for getDataAttributes See #2508
---
diff --git a/wcfsetup/install/files/lib/system/reaction/ReactionHandler.class.php b/wcfsetup/install/files/lib/system/reaction/ReactionHandler.class.php
index 3f2326c6d0..fd0017b67e 100644
--- a/wcfsetup/install/files/lib/system/reaction/ReactionHandler.class.php
+++ b/wcfsetup/install/files/lib/system/reaction/ReactionHandler.class.php
@@ -26,6 +26,7 @@ use wcf\system\SingletonFactory;
 use wcf\system\user\notification\UserNotificationHandler;
 use wcf\system\WCF;
 use wcf\util\JSON;
+use wcf\util\StringUtil;
 /**
 * Handles the reactions of objects.
@@ -135,11 +136,15 @@ class ReactionHandler extends SingletonFactory {
 $returnDataAttributes = '';
 foreach ($dataAttributes as $key => $value) {
+ if (!preg_match('/^[a-z0-9-]+$/', $key)) {
+ throw new \RuntimeException("Invalid key '". $key ."' for data attribute.");
+ }
+
 if (!empty($returnDataAttributes)) {
 $returnDataAttributes .= ' ';
 }
- $returnDataAttributes .= 'data-'. $key .'="'. $value .'"';
+ $returnDataAttributes .= 'data-'. $key .'="'. StringUtil::encodeHTML($value) .'"';
 }
 return $returnDataAttributes;
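Review bot: The key whitelist `if (!preg_match('/^[a-z0-9-]+$/', $key))` still accepts a key that ends in a newline, because `$` without the `D` modifier also matches just before a trailing "\n"; `'/^[a-z0-9-]+\z/'` (or adding the `D` flag) makes the check exact. The value side now depends on `StringUtil::encodeHTML()` escaping `"` together with `&`, `<` and `>` — its implementation is not on this page, so that is worth confirming before treating the double-quoted attribute as closed only by the generated quote. The new exception is undocumented: add `@throws \RuntimeException if a data attribute key contains characters outside [a-z0-9-]` to the method's docblock. The docblock and the rest of getDataAttributes() lie outside the hunk.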
@@ -316,7 +321,7 @@ class ReactionHandler extends SingletonFactory {
 if (UserActivityEventHandler::getInstance()->getObjectTypeID($likeable->getObjectType()->objectType.'.recentActivityEvent')) {
 $objectType = ObjectTypeCache::getInstance()->getObjectTypeByName('com.woltlab.wcf.user.recentActivityEvent', $likeable->getObjectType()->objectType.'.recentActivityEvent');
- if ($objectType->supportReactions) {
+ if ($objectType->supportsReactions) {
 if ($like->likeID) {
 UserActivityEventHandler::getInstance()->removeEvent($likeable->getObjectType()->objectType . '.recentActivityEvent', $likeable->getObjectID(), $user->userID);
 }