Merge pull request #80 from 418sec/1-packagist-spoon/library

carakas · web-flow · commit 8a815817087e · 2021-03-24T16:14:23.000+01:00
Security Fix for XSS in Spoon form types hidden, date and time - huntr.dev
diff --git a/spoon/form/date.php b/spoon/form/date.php
@@ -377,7 +377,7 @@ public function parse($template = null)
 		if($this->attributes['name'] == '') throw new SpoonFormException('A name is required for a date field. Please provide a valid name.');
 
 		// start html generation
-		$output = '<input type="text" value="' . $this->getValue() . '"';
+		$output = '<input type="text" value="' . SpoonFilter::htmlspecialchars($this->getValue()) . '"';
 
 		// add attributes
 		$output .= $this->getAttributesHTML(array('[id]' => $this->attributes['id'], '[name]' => $this->attributes['name'], '[value]' => $this->getValue())) . ' />';
diff --git a/spoon/form/hidden.php b/spoon/form/hidden.php
@@ -109,7 +109,7 @@ public function isFilled()
 	public function parse($template = null)
 	{
 		// start html generation
-		$output = '<input type="hidden" value="' . $this->getValue() . '"';
+		$output = '<input type="hidden" value="' . SpoonFilter::htmlspecialchars($this->getValue()) . '"';
 
 		// build attributes
 		$attributes = array();
diff --git a/spoon/form/password.php b/spoon/form/password.php
@@ -273,7 +273,7 @@ public function parse($template = null)
 		if($this->attributes['name'] == '') throw new SpoonFormException('A name is required for a password field. Please provide a name.');
 
 		// start html generation
-		$output = '<input type="password" value="' . str_replace(array('"', '<', '>'), array('&quot;', '&lt;', '&gt;'), $this->getValue()) . '"';
+		$output = '<input type="password" value="' . SpoonFilter::htmlspecialchars($this->getValue()) . '"';
 
 		// add attributes
 		$output .= $this->getAttributesHTML(array('[id]' => $this->attributes['id'], '[name]' => $this->attributes['name'], '[value]' => $this->getValue())) . ' />';
diff --git a/spoon/form/text.php b/spoon/form/text.php
@@ -788,7 +788,7 @@ public function parse($template = null)
 		if($this->attributes['name'] == '') throw new SpoonFormException('A name is required for a textfield. Please provide a name.');
 
 		// start html generation
-		$output = '<input value="' . str_replace(array('"', '<', '>'), array('&quot;', '&lt;', '&gt;'), $this->getValue()) . '"';
+		$output = '<input value="' . SpoonFilter::htmlspecialchars($this->getValue()) . '"';
 
 		// add attributes
 		$output .= $this->getAttributesHTML(array('[id]' => $this->attributes['id'], '[name]' => $this->attributes['name'], '[value]' => $this->getValue())) . ' />';
diff --git a/spoon/form/time.php b/spoon/form/time.php
@@ -216,7 +216,7 @@ public function parse($template = null)
 		if($this->attributes['name'] == '') throw new SpoonFormException('A name is required for a time field. Please provide a name.');
 
 		// start html generation
-		$output = '<input type="text" value="' . $this->getValue() . '"';
+		$output = '<input type="text" value="' . SpoonFilter::htmlspecialchars($this->getValue()) . '"';
 
 		// add attributes
 		$output .= $this->getAttributesHTML(array('[id]' => $this->attributes['id'], '[name]' => $this->attributes['name'], '[value]' => $this->getValue())) . ' />';

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,7 @@ public function isFilled()`
`109`	`109`	`public function parse($template = null)`
`110`	`110`	`{`
`111`	`111`	`// start html generation`
`112`		`- $output = '<input type="hidden" value="' . $this->getValue() . '"';`
	`112`	`+ $output = '<input type="hidden" value="' . SpoonFilter::htmlspecialchars($this->getValue()) . '"';`
`113`	`113`
`114`	`114`	`// build attributes`
`115`	`115`	`$attributes = array();`