Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2025-12-18 00:10:13 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Security Fix JVN#86586539: Stored XSS.

Browse source 
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7.
This commit is contained in:
Lauri Ojansivu 2025-10-10 23:14:06 +03:00
parent a0b94065c5
commit ee79cab7b2
9 changed files with 248 additions and 75 deletions
Download patch file Download diff file Expand all files Collapse all files

17
models/lists.js
View file

@ -313,6 +313,15 @@ Lists.helpers({
Lists.mutations({
rename(title) {
// Sanitize title on client side as well
if (typeof title === 'string') {
const { sanitizeTitle } = require('/server/lib/inputSanitizer');
const sanitizedTitle = sanitizeTitle(title);
if (process.env.DEBUG === 'true' && sanitizedTitle !== title) {
console.warn('Client-side sanitized list title:', title, '->', sanitizedTitle);
}
return { $set: { title: sanitizedTitle } };
}
return { $set: { title } };
},
star(enable = true) {
@ -644,7 +653,13 @@ if (Meteor.isServer) {
// Update title if provided
if (req.body.title) {
const newTitle = req.body.title;
const { sanitizeTitle } = require('/server/lib/inputSanitizer');
const newTitle = sanitizeTitle(req.body.title);
if (process.env.DEBUG === 'true' && newTitle !== req.body.title) {
console.warn('Sanitized list title input:', req.body.title, '->', newTitle);
}
Lists.direct.update(
{
_id: paramListId,