

Merge pull request #382 from tyrant88/tyrant88-patch-142
Security Fix in Statistik PlugIn
tyrant88 authored Oct 22, 2023
2 parents 8f69cca + b4fb44b commit 3a0cb70
Showing 8 changed files with 18 additions and 13 deletions.
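--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,7 @@
 # Changelog
+## Version 6.9.10 (2023-10-21)
+- Security Fix: escape Suchbegriffe
+
 ## Version 6.9.9 (2023-09-23)
 - Fix indexing wenn hinter Proxy ;-)
 - Code Style (CS)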
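--- a/package.yml
+++ b/package.yml
@@ -1,5 +1,5 @@
 package: search_it
-version: '6.9.9'
+version: '6.9.10'
 author: Friends Of REDAXO
 supportpage: https://github.com/FriendsOfREDAXO/search_it
 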
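--- a/plugins/autocomplete/package.yml
+++ b/plugins/autocomplete/package.yml
@@ -1,5 +1,5 @@
 package: search_it/autocomplete
-version: '6.9.9'
+version: '6.9.10'
 author: Manétage
 
 title: 'translate:search_it_autocomplete_plugin_title'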
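--- a/plugins/documentation/package.yml
+++ b/plugins/documentation/package.yml
@@ -1,5 +1,5 @@
 package: search_it/documentation
-version: '6.9.9'
+version: '6.9.10'
 author: Friends Of REDAXO
 
 title: 'translate:search_it_documentation_title'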
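--- a/plugins/plaintext/package.yml
+++ b/plugins/plaintext/package.yml
@@ -1,5 +1,5 @@
 package: search_it/plaintext
-version: '6.9.9'
+version: '6.9.10'
 author: Friends Of REDAXO
 
 title: 'translate:search_it_plaintext_title'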
4 changes: 2 additions & 2 deletions plugins/stats/images/searchterm_timestats.inc.php
Expand Up @@ -30,11 +30,11 @@
$max = $month['count'];
}

$title = $this->i18n(
$title = rex_i18n::rawMsg(
'search_it_stats_searchterm_timestats_title',
empty($term)
? $this->i18n('search_it_stats_searchterm_timestats_title0_all')
: $this->i18n(
: rex_i18n::rawMsg(
'search_it_stats_searchterm_timestats_title0_single',
$term
),
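Review bot: `rex_i18n::rawMsg(` at `$title = rex_i18n::rawMsg(` and in the `: rex_i18n::rawMsg(` branch substitutes `$term` into the title with no HTML escaping, which is only safe because — judging by the file living under `images/` and being requested through `func=image` elsewhere in this commit — `$title` appears to be drawn into the generated image rather than emitted as HTML; if `$title` is ever echoed into markup it would need `rex_escape()` again. A comment would make that intent survive the next refactor: `// rawMsg on purpose: $title is rendered into the image, never output as HTML, so HTML escaping here would show entities in the picture`. `$term` is assigned outside this hunk, so where it is read from and whether it is already URL-decoded cannot be checked here.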
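--- a/plugins/stats/package.yml
+++ b/plugins/stats/package.yml
@@ -1,5 +1,5 @@
 package: search_it/stats
-version: '6.9.9'
+version: '6.9.10'
 author: Friends Of REDAXO
 
 title: 'translate:search_it_stats_plugin_title'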
14 changes: 8 additions & 6 deletions plugins/stats/pages/index.php
Expand Up @@ -114,11 +114,13 @@

// top search terms
$topsearchtermlist = '';
$topsearchtermselect = '<option value="all" ' . ($this->getConfig('searchtermselect') == 'all' ? ' selected="selected"' : '') . '>' . rex_escape($this->i18n('search_it_stats_searchterm_timestats_title0_all')) . '</option>';
$topsearchtermselect = '<option value="all" ' . ($this->getConfig('searchtermselect') == 'all' ? ' selected="selected"' : '') . '>' . $this->i18n('search_it_stats_searchterm_timestats_title0_all') . '</option>';
$topsearchterms = $stats->getTopSearchterms($this->getConfig('maxtopsearchitems'));
foreach ($topsearchterms as $term) {
$topsearchtermlist .= '<li class="' . ($term['success'] == '1' ? 'search_it-stats-success text-success' : 'search_it-stats-fail text-danger') . '"><strong>' . rex_escape($term['term']) . '</strong> <em>(' . $term['count'] . ')</em></li>';
$topsearchtermselect .= '<option value="_' . rex_escape($term['term']) . '"' . (($this->getConfig('searchtermselect') == '_' . $term['term']) ? ' selected="selected"' : '') . '>' . $this->i18n('search_it_stats_searchterm_timestats_title0_single', rex_escape($term['term'])) . '</option>';
$topsearchtermselect .= '<option value="_' . rex_escape($term['term'], 'url') . '"' .
($this->getConfig('searchtermselect') == '_' . rex_escape($term['term'], 'url') ? ' selected="selected"' : '') . '>' .
rex_i18n::rawMsg('search_it_stats_searchterm_timestats_title0_single', rex_escape($term['term'])) . '</option>';
}

if (!empty($topsearchterms)) {
Expand Down Expand Up @@ -185,10 +187,10 @@

$pre = rex_i18n::rawMsg('search_it_stats_searchterm_timestats_title', $topsearchtermselect, $searchtermselectmonthcount);
$rest = '<img src="index.php?page=search_it/stats&amp;func=image&amp;image=searchterm_timestats&amp;term='
. rex_escape(urlencode($this->getConfig('searchtermselect') == 'all' ? 'all' : $this->getConfig('searchtermselect')))
. ($this->getConfig('searchtermselect') == 'all' ? 'all' : $this->getConfig('searchtermselect'))
. '&amp;monthcount=' . intval($this->getConfig('searchtermselectmonthcount')) . '" alt="'
. $this->i18n('search_it_stats_searchterm_timestats_title', $this->getConfig('searchtermselect') == 'all' ? $this->i18n('search_it_stats_searchterm_timestats_title0_all') : $this->i18n('search_it_stats_searchterm_timestats_title0_single', substr($this->getConfig('searchtermselect'), 1)), intval($this->getConfig('searchtermselectmonthcount'))) . '"'
. ' title="' . rex_escape($this->i18n('search_it_stats_searchterm_timestats_title', $this->getConfig('searchtermselect') == 'all' ? $this->i18n('search_it_stats_searchterm_timestats_title0_all') : $this->i18n('search_it_stats_searchterm_timestats_title0_single', substr($this->getConfig('searchtermselect'), 1)), intval($this->getConfig('searchtermselectmonthcount')))) . '" />';
. $this->i18n('search_it_stats_searchterm_timestats_title', $this->getConfig('searchtermselect') == 'all' ? $this->i18n('search_it_stats_searchterm_timestats_title0_all') : rex_i18n::rawMsg('search_it_stats_searchterm_timestats_title0_single', substr($this->getConfig('searchtermselect'), 1)), intval($this->getConfig('searchtermselectmonthcount'))) . '"'
. ' title="' . $this->i18n('search_it_stats_searchterm_timestats_title', $this->getConfig('searchtermselect') == 'all' ? $this->i18n('search_it_stats_searchterm_timestats_title0_all') : rex_i18n::rawMsg('search_it_stats_searchterm_timestats_title0_single', substr($this->getConfig('searchtermselect'), 1)), intval($this->getConfig('searchtermselectmonthcount'))) . '" />';

$content[] = search_it_getSettingsFormSection(
'searchterm_timestats',
Expand Down Expand Up @@ -276,7 +278,7 @@ function (data) {
select = '';
}
jQuery('#search_it_stats_searchtermselect').append(
jQuery('<option value="_' + item.term + '"' + select + '>').text('"' + item.term + '"')
jQuery('<option value="_' + encodeURIComponent(item.term) + '"' + select + '>').text(item.term)
);
});

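Review bot: In the `$rest` hunk the line `. ($this->getConfig('searchtermselect') == 'all' ? 'all' : $this->getConfig('searchtermselect'))` places the stored select value into the `src` attribute with no escaping at all; the removed `rex_escape(urlencode(...))` presumably double-encoded now that the option values are already URL-encoded, but the config value is presumably persisted from the submitted form outside this hunk and nothing here guarantees it is still URL-encoded, so a `"` or `<` in it breaks out of the attribute. Escaping for the attribute context keeps existing `%xx` sequences intact and closes the gap: `. rex_escape($this->getConfig('searchtermselect') == 'all' ? 'all' : $this->getConfig('searchtermselect'))`. Separately, the option values are now built by two different encoders — `rex_escape($term['term'], 'url')` in the PHP loop and `encodeURIComponent(item.term)` in the JavaScript hunk — which disagree on some characters (space as `+` versus `%20`, and `!'()*`, depending on whether rex_escape's `url` strategy is urlencode- or rawurlencode-style), so the `selected="selected"` comparison in the loop may not match a value that arrived via the JavaScript path; worth verifying which encoder rex_escape uses and aligning both sides on it. The `$rest` assignment is complete inside its hunk; the code that stores `searchtermselect` is not.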

0 comments on commit 3a0cb70
