authorOleh Vehera2018-10-11 12:02:11 (GMT)
committerOleh Vehera2018-10-11 12:02:11 (GMT)
commitd2b2b139a3c8e2e96c64525c17ebd89e01f157b6 (patch)
tree5e35b9ed5056c789606d989eea547ce1f849cc65
parentf692aab1b4b09c1e6d70dac9624b45c706618d9a (diff)
Security fix. See Lightbox2 - Moderately critical - Cross Site Scripting - SA-CONTRIB-2018-063 7.x-1.0-beta2 7.x-1.x
-rwxr-xr-xlightbox2_handler_field_lightbox2.inc7
1 files changed, 6 insertions, 1 deletions
diff --git a/lightbox2_handler_field_lightbox2.inc b/lightbox2_handler_field_lightbox2.inc
index c96c001..c7ee3be 100755
--- a/lightbox2_handler_field_lightbox2.inc
+++ b/lightbox2_handler_field_lightbox2.inc
@@ -154,7 +154,12 @@ class lightbox2_handler_field_lightbox2 extends views_handler_field {
// div is hidden it won't show up as a lightbox. We also specify a group
// in the rel attribute in order to link the whole View together for paging.
$group_name = !empty($this->options['custom_group']) ? $this->options['custom_group'] : ($this->options['rel_group'] ? 'lightbox-popup-' . $this->view->name . '-' . implode('/', $this->view->args) : '');
- return "<a href='$link #lightbox-popup-{$i}' rel='lightmodal[{$group_name}|width:" . ($this->options['width'] ? $this->options['width'] : '600px') . ';height:' . ($this->options['height'] ? $this->options['height'] : '600px') . "][" . $caption . "]'>" . $tokens["[{$this->options['trigger_field']}]"] . "</a>
+ $group_name = check_plain($group_name);
+ $width = $this->options['width'] ? check_plain($this->options['width']) : '600px';
+ $height = $this->options['height'] ? check_plain($this->options['height']) : '600px';
+ $trigger_field = filter_xss_admin($this->options['trigger_field']);
+
+ return "<a href='$link #lightbox-popup-{$i}' rel='lightmodal[{$group_name}|width:" . $width . ';height:' . $height . "][" . $caption . "]'>" . $tokens["[{$trigger_field}]"] . "</a>
<div style='display: none;'><div id='lightbox-popup-{$i}' class='lightbox-popup'>$popup</div></div>";
}
else {
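Review bot: `$caption` on the new return line is still interpolated raw into the single-quoted `rel` attribute right next to the now-escaped `$group_name`, `$width` and `$height`, and `$link` and `$popup` go into `href` and the hidden div unescaped as well; all three are built above the hunk, so whether they are already sanitised cannot be seen here. Unless caption is verified to pass through check_plain upstream, escape it at the point of use, `$caption = check_plain($caption);`, or else record the contract with a comment above the return such as `// $link, $caption and $popup are sanitised before this point; keep that invariant`. The `filter_xss_admin()` applied to `$trigger_field` rewrites the lookup key rather than the rendered token value, so a field name the filter changes would miss its entry in `$tokens` and raise an undefined-index notice; a short comment on why the key is filtered instead of the value would help the next maintainer. The enclosing method's body starts before this hunk and continues after the `else {`.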