smeserver-phpwebftp/contribs9/smeserver-phpwebftp-4.0.bz9528.XSSvulnerability.patch

diff -Nur smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php
--- smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php   2016-08-03 02:10:05.000000000 -0400
+++ smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php       2016-08-03 03:43:21.080325488 -0400
@@ -22,7 +22,7 @@
        */
 
        session_start();
-
+       header('Content-type: text/html; charset=utf-8');// fix incorrect display fr  SME9
        include('config.inc.php'); //load configuration
        include("include/functions.inc.php");
        include("include/ftp.class.php");
@@ -90,43 +90,43 @@
        $goPassive=(isset($_POST['goPassive']))?$_POST['goPassive']:$_GET['goPassive'];
        */
     if (isset($_POST['goPassive'])) {
-           $goPassive=$_POST['goPassive'];
+           $goPassive=strip_tags($_POST['goPassive']);
     }
 
        if (isset($_POST['mode'])) {
-               $ftpMode = $_POST['mode'];
+               $ftpMode = strip_tags($_POST['mode']);
     }
 
        if (isset($_POST['actionType'])) {
-           $actionType=$_POST['actionType'];
+           $actionType=strip_tags($_POST['actionType']);
     }
 
        if (isset($_POST['currentDir'])) {
-           $currentDir=stripSlashes($_POST['currentDir']);
+           $currentDir=strip_tags(stripSlashes($_POST['currentDir']));
     } else {
                $currentDir="";
        }
     
     if (isset($_POST['file'])) {
-           $file=$_POST['file'];
+           $file=strip_tags($_POST['file']);
            $file=StripSlashes($file);
        }
 
     if (isset($_POST['file2'])) {
-           $file2=$_POST['file2'];
+           $file2=strip_tags($_POST['file2']);
            $file2=StripSlashes($file2);
     }
 
     if (isset($_POST['permissions'])) {
-           $permissions=$_POST['permissions'];
+           $permissions=strip_tags($_POST['permissions']);
     }
 
     if (isset($_POST['directory'])) {
-           $directory=$_POST['directory'];
+           $directory=strip_tags($_POST['directory']);
     }
 
     if (isset($_POST['fileContent'])) {
-           $fileContent=$_POST['fileContent'];
+           $fileContent=$_POST['fileContent'];// not sure we could strip_tags( the file
     }
 
        if (
@@ -138,28 +138,28 @@
                // login information. That allows relogging in without explicitly
                // loging out, eg with the "back" button.
                if ($editDefaultServer)
-                       $_SESSION['server']=$_POST['server'];
+                       $_SESSION['server']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['server']));
                else
                        $_SESSION['server']=$defaultServer;
 
                if (isset($_POST['user'])) {
-                       $_SESSION['user']=$_POST['user'];
+                       $_SESSION['user']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['user']));
                }
 
                if (isset($_POST['password'])) {
-                       $_SESSION['password']=$_POST['password'];
+                       $_SESSION['password']=strip_tags($_POST['password']);
                }
 
                if (isset($_POST['language'])) {
-                       $_SESSION['language']=$_POST['language'];
+                       $_SESSION['language']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['language']));
                }
 
                if (isset($_POST['port'])) {
-                       $_SESSION['port']=$_POST['port'];
+                       $_SESSION['port']=preg_replace("/[^0-9]+/i", "",strip_tags($_POST['port']));
                }
 
                if (isset($_POST['passive'])) {
-                       $_SESSION['passive']=$_POST['passive'];
+                       $_SESSION['passive']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['passive']));
                }
        }
 
@@ -182,27 +182,27 @@
        }
 
     if (isset($_SESSION['server'])) {
-           $server=$_SESSION['server'];
+           $server=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['server']));
        }
 
     if (isset($_SESSION['user'])) {
-           $user=$_SESSION['user'];
+           $user=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['user']));
     }
 
     if (isset($_SESSION['password'])) {
-           $password=$_SESSION['password'];
+           $password=strip_tags($_SESSION['password']);
     }
 
     if (isset($_SESSION['language'])) {
-           $language=$_SESSION['language'];
+           $language=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['language']));
     }
 
     if (isset($_SESSION['port'])) {
-           $port=$_SESSION['port'];
+           $port=preg_replace("/[^0-9]+/i", "",$_SESSION['port']);
     }
 
     if (isset($_SESSION['passive'])) {
-           $passive=$_SESSION['passive'];
+           $passive=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['passive']));
     } else {
                $passive = false;
        }
@@ -611,7 +611,7 @@
                </style>
                <script type="text/javascript">
                        // variables for javascript
-                       var currentUser = "<?=$_SESSION["user"]?>";
+                       var currentUser = "<?=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION["user"]))?>";
                        var dir = "<?=$ftp->currentDir;?>";
                        var uncompress = new Array();
 <?
1	diff -Nur smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php
2	--- smeserver-phpwebftp-4.0.old/root/home/httpd/html/webftp/index.php 2016-08-03 02:10:05.000000000 -0400
3	+++ smeserver-phpwebftp-4.0/root/home/httpd/html/webftp/index.php 2016-08-03 03:43:21.080325488 -0400
4	@@ -22,7 +22,7 @@
5	*/
6
7	session_start();
8	-
9	+ header('Content-type: text/html; charset=utf-8');// fix incorrect display fr SME9
10	include('config.inc.php'); //load configuration
11	include("include/functions.inc.php");
12	include("include/ftp.class.php");
13	@@ -90,43 +90,43 @@
14	$goPassive=(isset($_POST['goPassive']))?$_POST['goPassive']:$_GET['goPassive'];
15	*/
16	if (isset($_POST['goPassive'])) {
17	- $goPassive=$_POST['goPassive'];
18	+ $goPassive=strip_tags($_POST['goPassive']);
19	}
20
21	if (isset($_POST['mode'])) {
22	- $ftpMode = $_POST['mode'];
23	+ $ftpMode = strip_tags($_POST['mode']);
24	}
25
26	if (isset($_POST['actionType'])) {
27	- $actionType=$_POST['actionType'];
28	+ $actionType=strip_tags($_POST['actionType']);
29	}
30
31	if (isset($_POST['currentDir'])) {
32	- $currentDir=stripSlashes($_POST['currentDir']);
33	+ $currentDir=strip_tags(stripSlashes($_POST['currentDir']));
34	} else {
35	$currentDir="";
36	}
37
38	if (isset($_POST['file'])) {
39	- $file=$_POST['file'];
40	+ $file=strip_tags($_POST['file']);
41	$file=StripSlashes($file);
42	}
43
44	if (isset($_POST['file2'])) {
45	- $file2=$_POST['file2'];
46	+ $file2=strip_tags($_POST['file2']);
47	$file2=StripSlashes($file2);
48	}
49
50	if (isset($_POST['permissions'])) {
51	- $permissions=$_POST['permissions'];
52	+ $permissions=strip_tags($_POST['permissions']);
53	}
54
55	if (isset($_POST['directory'])) {
56	- $directory=$_POST['directory'];
57	+ $directory=strip_tags($_POST['directory']);
58	}
59
60	if (isset($_POST['fileContent'])) {
61	- $fileContent=$_POST['fileContent'];
62	+ $fileContent=$_POST['fileContent'];// not sure we could strip_tags( the file
63	}
64
65	if (
66	@@ -138,28 +138,28 @@
67	// login information. That allows relogging in without explicitly
68	// loging out, eg with the "back" button.
69	if ($editDefaultServer)
70	- $_SESSION['server']=$_POST['server'];
71	+ $_SESSION['server']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['server']));
72	else
73	$_SESSION['server']=$defaultServer;
74
75	if (isset($_POST['user'])) {
76	- $_SESSION['user']=$_POST['user'];
77	+ $_SESSION['user']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['user']));
78	}
79
80	if (isset($_POST['password'])) {
81	- $_SESSION['password']=$_POST['password'];
82	+ $_SESSION['password']=strip_tags($_POST['password']);
83	}
84
85	if (isset($_POST['language'])) {
86	- $_SESSION['language']=$_POST['language'];
87	+ $_SESSION['language']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['language']));
88	}
89
90	if (isset($_POST['port'])) {
91	- $_SESSION['port']=$_POST['port'];
92	+ $_SESSION['port']=preg_replace("/[^0-9]+/i", "",strip_tags($_POST['port']));
93	}
94
95	if (isset($_POST['passive'])) {
96	- $_SESSION['passive']=$_POST['passive'];
97	+ $_SESSION['passive']=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_POST['passive']));
98	}
99	}
100
101	@@ -182,27 +182,27 @@
102	}
103
104	if (isset($_SESSION['server'])) {
105	- $server=$_SESSION['server'];
106	+ $server=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['server']));
107	}
108
109	if (isset($_SESSION['user'])) {
110	- $user=$_SESSION['user'];
111	+ $user=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['user']));
112	}
113
114	if (isset($_SESSION['password'])) {
115	- $password=$_SESSION['password'];
116	+ $password=strip_tags($_SESSION['password']);
117	}
118
119	if (isset($_SESSION['language'])) {
120	- $language=$_SESSION['language'];
121	+ $language=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['language']));
122	}
123
124	if (isset($_SESSION['port'])) {
125	- $port=$_SESSION['port'];
126	+ $port=preg_replace("/[^0-9]+/i", "",$_SESSION['port']);
127	}
128
129	if (isset($_SESSION['passive'])) {
130	- $passive=$_SESSION['passive'];
131	+ $passive=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION['passive']));
132	} else {
133	$passive = false;
134	}
135	@@ -611,7 +611,7 @@
136	</style>
137	<script type="text/javascript">
138	// variables for javascript
139	- var currentUser = "<?=$_SESSION["user"]?>";
140	+ var currentUser = "<?=preg_replace("/[^0-9a-z\-_.]+/i", "",strip_tags($_SESSION["user"]))?>";
141	var dir = "<?=$ftp->currentDir;?>";
142	var uncompress = new Array();
143	<?