From 9576adec7a732e1640fb051aae006a5f8d7b6a1e Mon Sep 17 00:00:00 2001
From: JediKev <kevin@enhancesoft.com>
Date: Tue, 20 Mar 2018 12:54:47 -0500
Subject: [PATCH] issue: AJAX Reflected XSS

This addresses an issue where XSS can be exploited in the help-topic AJAX
request. This adds a check for a referral URL and, if none is present, returns
a 403 Forbidden response.
---
 include/ajax.forms.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/include/ajax.forms.php b/include/ajax.forms.php
index 41506c872..9ca601e33 100644
--- a/include/ajax.forms.php
+++ b/include/ajax.forms.php
@@ -15,6 +15,9 @@ class DynamicFormsAjaxAPI extends AjaxController {
     }
 
     function getFormsForHelpTopic($topic_id, $client=false) {
+        if (!$_SERVER['HTTP_REFERER'])
+            Http::response(403, 'Forbidden.');
+
         if (!($topic = Topic::lookup($topic_id)))
             Http::response(404, 'No such help topic');
 
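Review bot: The new guard at the top of getFormsForHelpTopic reads `$_SERVER['HTTP_REFERER']` directly, so when the header is absent — the exact case the check targets — PHP emits an undefined-index notice before the 403 is sent; `if (empty($_SERVER['HTTP_REFERER']))` tests presence without the notice. More importantly, a presence-only Referer check is a weak mitigation for reflected XSS, since the header is client-supplied and any value satisfies it; the reflected value (presumably `$topic_id` or something derived from it, not visible in this hunk) should still be escaped with `htmlspecialchars()` or emitted as JSON at the point of output. If `Http::response()` does not terminate the request, the lookup on the next line still runs; add an explicit `return;` after it if that is the case. The function's body continues outside the hunk.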
-- 
GitLab