From 06b37ea2f65b4dac922ed248c676e5cf0dc0a472 Mon Sep 17 00:00:00 2001
From: Benjamin Renard <brenard@zionetrix.net>
Date: Fri, 8 Jun 2018 17:41:28 +0200
Subject: [PATCH] Fix XSS problem using LSdebug/LSerror/LSinfos

---
 public_html/includes/class/class.LSerror.php   | 2 +-
 public_html/includes/class/class.LSsession.php | 7 +------
 public_html/includes/functions.php             | 4 ++--
 public_html/templates/default/LSdefault.tpl    | 8 +++++++-
 4 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/public_html/includes/class/class.LSerror.php b/public_html/includes/class/class.LSerror.php
index 8c41d1a6..ee7514e5 100644
--- a/public_html/includes/class/class.LSerror.php
+++ b/public_html/includes/class/class.LSerror.php
@@ -132,7 +132,7 @@ class LSerror {
   * @retvat string Le texte des erreurs
   */
   private static function getError($error) {
-    return "(Code ".$error[0].") ".getFData(self :: $_errorCodes[$error[0]]['msg'],$error[1]);
+    return "(Code ".htmlentities($error[0]).") ".htmlentities(getFData(self :: $_errorCodes[$error[0]]['msg'],$error[1]));
   }
   
  /**
diff --git a/public_html/includes/class/class.LSsession.php b/public_html/includes/class/class.LSsession.php
index 79ee5ced..a7482c9d 100644
--- a/public_html/includes/class/class.LSsession.php
+++ b/public_html/includes/class/class.LSsession.php
@@ -1424,12 +1424,7 @@ class LSsession {
 
     // Infos
     if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
-      $txt_infos="<ul>\n";
-      foreach($_SESSION['LSsession_infos'] as $info) {
-        $txt_infos.="<li>$info</li>\n";
-      }
-      $txt_infos.="</ul>\n";
-      LStemplate :: assign('LSinfos',$txt_infos);
+      LStemplate :: assign('LSinfos',$_SESSION['LSsession_infos']);
       $_SESSION['LSsession_infos']=array();
     }
     
diff --git a/public_html/includes/functions.php b/public_html/includes/functions.php
index 47f6981a..270c4dd6 100644
--- a/public_html/includes/functions.php
+++ b/public_html/includes/functions.php
@@ -257,10 +257,10 @@ function LSdebug_print($return=false,$ul=true) {
     if ($ul) $txt='<ul>'; else $txt="";
     foreach($GLOBALS['LSdebug_fields'] as $debug) {
       if (is_array($debug)||is_object($debug)) {
-        $txt.='<li><pre>'.print_r($debug,true).'</pre></li>';
+        $txt.='<li><pre>'.htmlentities(print_r($debug,true)).'</pre></li>';
       }
       else {
-        $txt.='<li><pre>'.$debug.'</pre></li>';
+        $txt.='<li><pre>'.htmlentities(strval($debug)).'</pre></li>';
       }
     }
     if ($ul) $txt.='</ul>';
diff --git a/public_html/templates/default/LSdefault.tpl b/public_html/templates/default/LSdefault.tpl
index 44eecf06..ff0d40ed 100644
--- a/public_html/templates/default/LSdefault.tpl
+++ b/public_html/templates/default/LSdefault.tpl
@@ -1,6 +1,12 @@
 <div id='LSjsConfig'>{$LSjsConfig}</div>
 
-<div id='LSinfos_txt'>{$LSinfos}</div>
+<div id='LSinfos_txt'>{if is_array($LSinfos) && !empty($LSinfos)}
+<ul>
+{foreach $LSinfos as $info}
+<li>{$info|escape:"htmlall"}</li>
+{/foreach}
+</ul>
+{/if}</div>
 
 <div id='LSerror_txt'>{$LSerrors}</div>