Fix stored XSS vulnerability via do=export_metadata dokuwiki#4305

kazmiya · splitbrain · commit b1a9a7addb62 · 2024-08-05T08:18:33.000+02:00
This prevents metadata export in general and also ensures the the
temporary $doc property in the metadata renderer is cleared in
document_end
diff --git a/inc/Action/Export.php b/inc/Action/Export.php
@@ -86,6 +86,9 @@ public function preProcess()
                 $headers['Content-Type'] = 'text/html; charset=utf-8';
                 $output = p_wiki_xhtml($ID, $REV, false);
                 break;
+            case 'metadata':
+                // metadata should not be exported
+                break;
             default:
                 $output = p_cached_output(wikiFN($ID, $REV), $mode, $ID);
                 $headers = p_get_metadata($ID, "format $mode");
diff --git a/inc/parser/metadata.php b/inc/parser/metadata.php
@@ -108,6 +108,8 @@ public function document_end()
         if (!isset($this->meta['date']['modified'])) {
             $this->meta['date']['modified'] = filemtime(wikiFN($ID));
         }
+
+        $this->doc = '';
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -108,6 +108,8 @@ public function document_end()`
`108`	`108`	`if (!isset($this->meta['date']['modified'])) {`
`109`	`109`	`$this->meta['date']['modified'] = filemtime(wikiFN($ID));`
`110`	`110`	`}`
	`111`	`+`
	`112`	`+ $this->doc = '';`
`111`	`113`	`}`
`112`	`114`
`113`	`115`	`/**`