+ some HTML output sanitization; fixes XSS in listing
parent
a3eca1210b
commit
43da1a7b03
@ -24,7 +24,7 @@ function register() {
|
|||
function login() {
|
||||
local username=$(echo -ne $(echo "$1" | sed -E 's/%/\\x/g'))
|
||||
IFS=':'
|
||||
local user=($(grep "$username:" secret/users.dat))
|
||||
local user=($(grep -P "$username:" secret/users.dat))
|
||||
unset IFS
|
||||
if [[ $(echo -n $2${user[2]} | sha256sum | cut -c 1-64 ) == ${user[1]} ]]; then
|
||||
set_cookie_permanent "sh_session" ${user[3]}
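Review bot: The switch to `grep -P` on the changed `local user=(...)` line turns the caller-supplied `$username` into a PCRE pattern run against secret/users.dat, so a login attempt can submit metacharacters (`.`, `.*`, alternation, anchors) to select a row other than its own, or a leading `-` to inject grep options; the old BRE lookup had the same shape, but `-P` widens what an attacker can express and adds backtracking cost. Match the first field exactly instead of searching for a pattern: `local user=($(awk -F: -v u="$username" '$1 == u { print; exit }' secret/users.dat))`, keeping the surrounding `IFS=':'` / `unset IFS` as they are so the record still splits into the same array slots. `awk -v` still interprets backslash escapes in the value, so also reject usernames outside a small allow-list before the lookup, e.g. `[[ $username =~ ^[A-Za-z0-9_.-]+$ ]] || return 1`, ideally right after the `echo -ne` percent-decoding line where the value is produced. The `login` function starts inside the hunk but its body continues past it.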
|
||||
|
|
|
@ -36,3 +36,9 @@ function post_dump() {
|
|||
echo "${i}=${post_data[$i]}"
|
||||
done
|
||||
}
|
||||
|
||||
# html_encode(string)
|
||||
function html_encode() {
|
||||
#echo -n "$1" | xxd -ps | sed -E 's/.{2}/\&#x&;/g'
|
||||
echo -n "$1" | sed 's/</\</g;s/>/\>/g;s/%/\%/g;s/\//\//g;s/\\/\\/g;s/'"'"'/\'/g;s/"/\"/g;s/`/\`/g;s/?/\?/g'
|
||||
}
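Review bot: `html_encode` never encodes `&` — the sed script covers `<`, `>`, `%`, `/`, `\`, quotes, backtick and `?` but not the ampersand — so a raw `&` passes through and any pre-existing entity reference in a filename or URL (`&lt;`, `&#x3c;`) is rendered back into exactly the characters this function is meant to neutralise; add `s/&/\&amp;/g` as the first expression of the script, ahead of the `<`/`>` replacements, otherwise it would double-encode its own output. Separately, `echo -n "$1"` treats an argument that is itself an echo option (`-e`, `-n`, `-E`, `-ne`) as a flag and prints nothing, so feed sed with `printf '%s' "$1"` to emit the input byte-for-byte. As rendered on this page the replacement strings read as the literal characters (`s/</\</g`), which looks like the forge has decoded the entity references in the source; confirm the committed file really emits `&lt;` and friends. A header comment stating the contract would help callers, e.g. `# html_encode(string): escape for HTML text and single/double-quoted attribute values; the caller must pass the value quoted`.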
|
||||
|
|
|
@ -3,10 +3,10 @@ ${cfg[extra_headers]}\r\n\r\n"
|
|||
|
||||
source templates/head.sh
|
||||
|
||||
printf "<h1>Index of $([[ ${r[url]} == '' ]] && echo '/' || echo ${r[url]})</h1>"
|
||||
printf "<h1>Index of $([[ ${r[url]} == '' ]] && echo '/' || echo $(html_encode ${r[url]}))</h1>"
|
||||
|
||||
if [[ ${cookies[username]} != '' ]]; then
|
||||
echo "Logged in as ${cookies[username]}"
|
||||
echo "Logged in as $(html_encode ${cookies[username]})"
|
||||
fi
|
||||
|
||||
printf "<table>
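Review bot: The new `html_encode` calls in this hunk pass their argument unquoted — `$(html_encode ${r[url]})` and `$(html_encode ${cookies[username]})` — so the untrusted value is word-split and glob-expanded before the function ever sees it: a cookie value of `*` expands to the names of the files in the server's working directory, and only the first resulting word is encoded while the rest are silently dropped. Quote them the way the table rows in the later hunk already do: `$(html_encode "${r[url]}")` and `$(html_encode "${cookies[username]}")`; the `${r[host]}` call further down appears to have the same issue. Because the encoded value is spliced into a `printf` format string on the `<h1>` line, the function's escaping of `%` and `\` is load-bearing here; a short comment above that line, e.g. `# untrusted values are only safe inside this format string after html_encode (it escapes % and \)`, would keep the next edit from adding a raw variable.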
|
||||
|
@ -23,11 +23,11 @@ IFS=$'\n'
|
|||
for i in $(ls ${r[uri]}); do
|
||||
unset IFS
|
||||
stats=($(ls -hld "${r[uri]}/$i")) # -hld stands for Half-Life Dedicated
|
||||
if [[ -d ${r[uri]}'/'$i ]]; then
|
||||
printf "<tr><td><a href='$(echo -ne ${r[url]})/$i/'>$i</a></td><td><DIR></td><td>${stats[5]} ${stats[6]} ${stats[7]}</td></tr>"
|
||||
if [[ -d "${r[uri]}"'/'"$i" ]]; then
|
||||
printf "<tr><td><a href='$(html_encode "${r[url]}/$i/")'>$(html_encode "$i")</a></td><td><DIR></td><td>${stats[5]} ${stats[6]} ${stats[7]}</td></tr>"
|
||||
else
|
||||
printf "<tr><td><a href='$(echo -ne ${r[url]})/$i'>$i</a></td><td>${stats[4]}B</td><td>${stats[5]} ${stats[6]} ${stats[7]}</td></tr>"
|
||||
printf "<tr><td><a href='$(html_encode "${r[url]}/$i")'>$(html_encode "$i")</a></td><td>${stats[4]}B</td><td>${stats[5]} ${stats[6]} ${stats[7]}</td></tr>"
|
||||
fi
|
||||
done
|
||||
|
||||
printf "</table><p><i>HTTP.sh server on ${r[host]}</i></p><p>laura is cute</p>"
|
||||
printf "</table><p><i>HTTP.sh server on $(html_encode ${r[host]})</i></p><p>laura is cute</p>"
|
||||