Fixed Accidental AJAX Variable Injection

[digitalpoint]

In xenforo.js, this:

data = XenForo.ajaxDataPush(data, '_xfRequestUri', window.location.pathname + window.location.search);

should be:

[code]data = XenForo.ajaxDataPush(data, '_xfRequestUri', window.location.pathname + escape(window.location.search));

[/code]

Without it, variables from the URL in the CURRENT page get injected into the AJAX request.

For example from this URL: https://advertising.digitalpoint.com/advertiser?action=ads&site_id=2

Any AJAX request that does not have site_id=2 in it actually gets site_id=2 accidentally injected into the request because of the lack of URL encoding on the _xfRequestUri variable.

 

[Adam Howard]

Fixed your code.

You originally had some of the BB Code in it



In xenforo.js, this:

data = XenForo.ajaxDataPush(data, '_xfRequestUri', window.location.pathname + window.location.search);

should be:

data = XenForo.ajaxDataPush(data, '_xfRequestUri', window.location.pathname + escape(window.location.search));

(Also someone crazy enough to copy & past without looking & so I didn't want anyone making the mistake)

 

[Adam Howard]

Can not confirm

Can not find your code in xenforo.js

 

[digitalpoint]

Can not confirm

Can not find your code in xenforo.js

Search for "_xfRequestUri" in this:

http://xenforo.com/community/js/xenforo/xenforo.js?_v=3e16c37d

 

[cclaerhout]

Can not confirm

Can not find your code in xenforo.js

Look the full source js... but you will need to reminify it after.

 

[cclaerhout]

-I was wrong -

 

[Adam Howard]

Search for "_xfRequestUri" in this:

http://xenforo.com/community/js/xenforo/xenforo.js?_v=3e16c37d

http://xenforo.com/community/js/xenforo/xenforo.js

ODD... Found it ^^^ Here

http://www.sociallyuncensored.eu/forums/js/xenforo/xenforo.js

No idea why I can't find it here

 

[cclaerhout]

Can someone please confirm what I've just checked and if it's the case, please Jake or Slavik make this post as important !!!

 

[cclaerhout]

The bug I'm talking to is the one with the extra delay when the styles properties are displayed... and probably more also.

Edit: for example this:
http://xenforo.com/community/posts/470809/

 

[Adam Howard]

Look the full source js... but you will need to reminify it after.

* Sigh *

I need coffee (brains out the window, assuming there were there in the first place)

I have mix results manually minifying things on my PC. Sound be interesting.

 

[digitalpoint]

Can someone please confirm what I've just checked and if it's the case, please Jake or Slavik make this post as important !!!

Where's the link to that bug?

 

[cclaerhout]

Where's the link to that bug?

See this post and its links http://xenforo.com/community/threads/lightbox-behaviour.43791/#post-470776

I'm still checking but this time I must empty my browser cache

 

[cclaerhout]

-I was wrong -Sorry -
Bug is still there.

The last I can do is to put the replacement to do directly in the minify xenforo.js
Search:

b=XenForo.ajaxDataPush(b,"_xfRequestUri",g.location.pathname+g.location.search)

Replace with:

b=XenForo.ajaxDataPush(b,"_xfRequestUri",g.location.pathname+escape(g.location.search))

 

[Jake Bunce]

The bug I'm talking to is the one with the extra delay when the styles properties are displayed... and probably more also.

Edit: for example this:
http://xenforo.com/community/posts/470809/

Use this report for that specific issue:

http://xenforo.com/community/threads/chrome-10-second-js-lag-on-loading-style-property-group.43808/

 

[Mike]

Fixed, though the underlying issue is with ajaxDataPush. It needed to do better escaping.