Diffstat (limited to 'debian/patches/CVE-2021-3427_1.patch')
-rw-r--r-- | debian/patches/CVE-2021-3427_1.patch | 125 |
1 files changed, 125 insertions, 0 deletions
diff --git a/debian/patches/CVE-2021-3427_1.patch b/debian/patches/CVE-2021-3427_1.patch
new file mode 100644
index 0000000..fca4f58
--- /dev/null
+++ b/debian/patches/CVE-2021-3427_1.patch
@@ -0,0 +1,125 @@
+commit a5503c0c606e196f368a58ea3d1b8457e76a3a31
+Author: Calum Lind <calumlind+deluge@gmail.com>
+Date: Mon Feb 14 18:00:23 2022 +0000
+
+ [WebUI] Fix encoding HTML entities for torrent attributes
+
+ Ensure all torrent attributes that might contain malicious HTML entities
+ are encoded.
+
+ By allowing HTML entities to be rendered it enable malicious torrent
+ files to perform XSS attacks.
+
+ Resolves: https://dev.deluge-torrent.org/ticket/3459
+
+diff --git a/deluge/ui/web/js/deluge-all/EditTrackersWindow.js b/deluge/ui/web/js/deluge-all/EditTrackersWindow.js
+index f6733aaa6..178fd583f 100644
+--- a/deluge/ui/web/js/deluge-all/EditTrackersWindow.js
++++ b/deluge/ui/web/js/deluge-all/EditTrackersWindow.js
+@@ -57,6 +57,7 @@ Deluge.EditTrackersWindow = Ext.extend(Ext.Window, {
+ header: _('Tracker'),
+ width: 0.9,
+ dataIndex: 'url',
++ tpl: new Ext.XTemplate('{url:htmlEncode}'),
+ },
+ ],
+ columnSort: {
+diff --git a/deluge/ui/web/js/deluge-all/FilterPanel.js b/deluge/ui/web/js/deluge-all/FilterPanel.js
+index b6e5ec5ca..f1fade120 100644
+--- a/deluge/ui/web/js/deluge-all/FilterPanel.js
++++ b/deluge/ui/web/js/deluge-all/FilterPanel.js
+@@ -171,5 +171,5 @@ Deluge.FilterPanel.templates = {
+ tracker_host:
+ '<div class="x-deluge-filter" style="background-image: url(' +
+ deluge.config.base +
+- 'tracker/{filter});">{filter} ({count})</div>',
++ 'tracker/{filter});">{filter:htmlEncode} ({count})</div>',
+ };
+diff --git a/deluge/ui/web/js/deluge-all/TorrentGrid.js b/deluge/ui/web/js/deluge-all/TorrentGrid.js
+index 198ec279f..ded3fb03b 100644
+--- a/deluge/ui/web/js/deluge-all/TorrentGrid.js
++++ b/deluge/ui/web/js/deluge-all/TorrentGrid.js
+@@ -17,7 +17,7 @@
+ return String.format(
+ '<div class="torrent-name x-deluge-{0}">{1}</div>',
+ r.data['state'].toLowerCase(),
+- value
++ Ext.util.Format.htmlEncode(value)
+ );
+ }
+ function torrentSpeedRenderer(value) {
+@@ -62,7 +62,7 @@
+ '<div style="background: url(' +
+ deluge.config.base +
+ 'tracker/{0}) no-repeat; padding-left: 20px;">{0}</div>',
+- value
++ Ext.util.Format.htmlEncode(value)
+ );
+ }
+
+diff --git a/deluge/ui/web/js/deluge-all/add/AddWindow.js b/deluge/ui/web/js/deluge-all/add/AddWindow.js
+index a4aff067b..771543de3 100644
+--- a/deluge/ui/web/js/deluge-all/add/AddWindow.js
++++ b/deluge/ui/web/js/deluge-all/add/AddWindow.js
+@@ -93,6 +93,9 @@ Deluge.add.AddWindow = Ext.extend(Deluge.add.Window, {
+ sortable: true,
+ renderer: torrentRenderer,
+ dataIndex: 'text',
++ tpl: new Ext.XTemplate(
++ '<div class="x-deluge-add-torrent-name">{text:htmlEncode}</div>'
++ ),
+ },
+ ],
+ stripeRows: true,
+diff --git a/deluge/ui/web/js/deluge-all/add/FilesTab.js b/deluge/ui/web/js/deluge-all/add/FilesTab.js
+index fed52282d..d712c023d 100644
+--- a/deluge/ui/web/js/deluge-all/add/FilesTab.js
++++ b/deluge/ui/web/js/deluge-all/add/FilesTab.js
+@@ -28,6 +28,7 @@ Deluge.add.FilesTab = Ext.extend(Ext.ux.tree.TreeGrid, {
+ header: _('Filename'),
+ width: 295,
+ dataIndex: 'filename',
++ tpl: new Ext.XTemplate('{filename:htmlEncode}'),
+ },
+ {
+ header: _('Size'),
+diff --git a/deluge/ui/web/js/deluge-all/details/DetailsTab.js b/deluge/ui/web/js/deluge-all/details/DetailsTab.js
+index fdb4f7f0d..f1da178b1 100644
+--- a/deluge/ui/web/js/deluge-all/details/DetailsTab.js
++++ b/deluge/ui/web/js/deluge-all/details/DetailsTab.js
+@@ -91,7 +91,9 @@ Deluge.details.DetailsTab = Ext.extend(Ext.Panel, {
+ for (var field in this.fields) {
+ if (!Ext.isDefined(data[field])) continue; // This is a field we are not responsible for.
+ if (data[field] == this.oldData[field]) continue;
+- this.fields[field].dom.innerHTML = Ext.escapeHTML(data[field]);
++ this.fields[field].dom.innerHTML = Ext.util.Format.htmlEncode(
++ data[field]
++ );
+ }
+ this.oldData = data;
+ },
+diff --git a/deluge/ui/web/js/deluge-all/details/FilesTab.js b/deluge/ui/web/js/deluge-all/details/FilesTab.js
+index edc388d19..60de832a6 100644
+--- a/deluge/ui/web/js/deluge-all/details/FilesTab.js
++++ b/deluge/ui/web/js/deluge-all/details/FilesTab.js
+@@ -18,6 +18,7 @@ Deluge.details.FilesTab = Ext.extend(Ext.ux.tree.TreeGrid, {
+ header: _('Filename'),
+ width: 330,
+ dataIndex: 'filename',
++ tpl: new Ext.XTemplate('{filename:htmlEncode}'),
+ },
+ {
+ header: _('Size'),
+diff --git a/deluge/ui/web/js/deluge-all/details/PeersTab.js b/deluge/ui/web/js/deluge-all/details/PeersTab.js
+index 66d4a4b95..a1919630d 100644
+--- a/deluge/ui/web/js/deluge-all/details/PeersTab.js
++++ b/deluge/ui/web/js/deluge-all/details/PeersTab.js
+@@ -73,7 +73,7 @@
+ header: _('Client'),
+ width: 125,
+ sortable: true,
+- renderer: fplain,
++ renderer: 'htmlEncode',
+ dataIndex: 'client',
+ },
+ {
|
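Review bot: The FilterPanel.js hunk of the embedded patch encodes only the second `{filter}` placeholder; the first one, inside `url(...)` within the `style="..."` attribute, is still interpolated raw, so a tracker host containing `"` or `>` would still terminate the attribute or element before the encoded text is reached. The same tracker_host value should be encoded in both positions, e.g. `'tracker/{filter:htmlEncode});">{filter:htmlEncode} ({count})</div>'`, since HTML entities are decoded by the parser before the CSS is evaluated. Note also that the TorrentGrid.js `@@ -62` hunk places the (now HTML-encoded) value inside a CSS `url(...)` token as well; if the bundled Ext is a 3.x release, `Ext.util.Format.htmlEncode` presumably leaves `'`, `(`, `)` and `;` untouched (verify against the shipped ExtJS), so encoding alone does not make that CSS context safe and a server-side restriction of tracker_host to hostname characters would be the more robust mitigation. The Debian packaging side is only a new file under debian/patches; whether debian/patches/series was updated is outside this diff.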