From 829d478f1b054c8ce1eeb4f15170dc4a1abb3e47 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 8 Feb 2017 15:07:05 +0300 Subject: [PATCH] add some protection against opener attacks if external site is opened via window.open() --- include/functions2.php | 4 ++-- js/functions.js | 12 ++++++++++-- js/viewfeed.js | 5 ++++- 3 files changed, 16 insertions(+), 5 deletions(-) diff --git a/include/functions2.php b/include/functions2.php index 6017a78f..6674c773 100644 --- a/include/functions2.php +++ b/include/functions2.php @@ -1957,7 +1957,7 @@ # $entry .= " " . # $filename . " (" . $ctype . ")" . ""; - $entry = "
$filename ($ctype)
"; array_push($entries_html, $entry); @@ -2038,7 +2038,7 @@ else $filename = ""; - $rv .= "
".$filename . $title."
"; }; diff --git a/js/functions.js b/js/functions.js index db18ac6d..6ba0922a 100755 --- a/js/functions.js +++ b/js/functions.js @@ -2064,9 +2064,17 @@ function getSelectionText() { return text.stripTags(); } +function openUrlPopup(url) { + var w = window.open(""); + + w.opener = null; + w.location = url; +} function openArticlePopup(id) { - window.open("backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id + - "&csrf_token=" + getInitParam("csrf_token"), + var w = window.open("", "ttrss_article_popup", "height=900,width=900,resizable=yes,status=no,location=no,menubar=no,directories=no,scrollbars=yes,toolbar=no"); + + w.opener = null; + w.location = "backend.php?op=article&method=view&mode=raw&html=1&zoom=1&id=" + id + "&csrf_token=" + getInitParam("csrf_token"); } \ No newline at end of file diff --git a/js/viewfeed.js b/js/viewfeed.js index 1f597e22..dfbf8bce 100755 --- a/js/viewfeed.js +++ b/js/viewfeed.js @@ -1729,7 +1729,10 @@ function hlClicked(event, id) { function openArticleInNewWindow(id) { toggleUnread(id, 0, false); - window.open("backend.php?op=article&method=redirect&id=" + id); + + var w = window.open(""); + w.opener = null; + w.location = "backend.php?op=article&method=redirect&id=" + id; } function isCdmMode() { -- 2.39.2