From 864f0392480317a6f44b0e3c26db23ad0e21e5fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20P=C3=A9rez=20Crespo?= <jaime.perez@uninett.no>
Date: Fri, 24 Jan 2020 10:57:02 +0100
Subject: [PATCH] Merge pull request from GHSA-mj9p-v2r8-wf8w
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Update the changelog

Signed-off-by: Jaime Pérez Crespo <jaime.perez@uninett.no>

* Bump version

Signed-off-by: Jaime Pérez Crespo <jaime.perez@uninett.no>

* Fix for XSS in email class

Signed-off-by: Jaime Pérez Crespo <jaime.perez@uninett.no>

* Fix issue with reportId not being properly sanitized

Signed-off-by: Jaime Pérez Crespo <jaime.perez@uninett.no>
---
 lib/SimpleSAML/Utils/EMail.php | 2 +-
 www/errorreport.php            | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/SimpleSAML/Utils/EMail.php b/lib/SimpleSAML/Utils/EMail.php
index 9ed369279..d7074cdf6 100644
--- a/lib/SimpleSAML/Utils/EMail.php
+++ b/lib/SimpleSAML/Utils/EMail.php
@@ -274,7 +274,7 @@ pre {
 </head>
 <body>
 <div class="container" style="background: #fafafa; border: 1px solid #eee; margin: 2em; padding: .6em;">
-' . $this->text . '
+' . htmlspecialchars($this->text) . '
 </div>
 </body>
 </html>';
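Review bot: The added `htmlspecialchars($this->text)` call relies on the default flags and charset, which differ between PHP versions and ini settings; before PHP 8.1 the default omits `ENT_SUBSTITUTE`, so text containing invalid UTF-8 makes the call return an empty string and the mail body is silently dropped. I would make the call explicit: `htmlspecialchars($this->text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Because the escaped value lands inside a `<div>`, line breaks in the submitted text will presumably collapse when rendered, and wrapping the escaped result in `nl2br()` would keep them if that matters. The template string and its enclosing method start outside this hunk, so any other values interpolated into the same HTML should be checked for the same escaping.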
diff --git a/www/errorreport.php b/www/errorreport.php
index 1c8071305..025a81ede 100644
--- a/www/errorreport.php
+++ b/www/errorreport.php
@@ -17,6 +17,10 @@ $reportId = $_REQUEST['reportId'];
 $email = $_REQUEST['email'];
 $text = $_REQUEST['text'];
 
+if (!preg_match('/^[0-9a-f]{8}$/', $reportId)) {
+    throw new \SimpleSAML\Error\Exception('Invalid reportID');
+}
+
 $data = null;
 try {
     $session = \SimpleSAML\Session::getSessionFromRequest();
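Review bot: The pattern `/^[0-9a-f]{8}$/` still accepts a value ending in a newline, because `$` in PCRE matches before a final `\n` unless the `D` modifier is set; anchoring with `\z` (`/^[0-9a-f]{8}\z/`) makes the check match exactly eight hex characters. `$reportId` is taken straight from `$_REQUEST` and may be missing or an array, so a guard such as `if (!is_string($reportId) || !preg_match('/^[0-9a-f]{8}\z/', $reportId)) {` keeps the failure on the intended exception path rather than on a warning or type error. `$email` and `$text` are read the same way just above and are not validated in this hunk; the code that consumes them lies outside it.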
-- 
GitLab