authorMiroslav Šulc <fordfrog@gentoo.org>2020-07-30 10:24:38 +0200
committerMiroslav Šulc <fordfrog@gentoo.org>2020-07-30 10:25:00 +0200
commit43e5d720ddda22f747772ffe6cfab9b2362ed0f6 (patch)
tree4ca4ca4db94711603502e5c0315ecc862796a52f /net-analyzer/zabbix/files
parentmedia-libs/libjpeg-turbo: Fix LICENSE. (diff)
downloadgentoo-43e5d720ddda22f747772ffe6cfab9b2362ed0f6.tar.gz
gentoo-43e5d720ddda22f747772ffe6cfab9b2362ed0f6.tar.bz2
gentoo-43e5d720ddda22f747772ffe6cfab9b2362ed0f6.zip
net-analyzer/zabbix: fixed CVE-2020-15803 in 3.0.31-r1
Bug: https://bugs.gentoo.org/733118 Package-Manager: Portage-3.0.1, Repoman-2.3.23 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>
Diffstat (limited to 'net-analyzer/zabbix/files')
-rw-r--r--net-analyzer/zabbix/files/zabbix-3.0.31-fix-cve-2020-15803.patch83
1 files changed, 83 insertions, 0 deletions
diff --git a/net-analyzer/zabbix/files/zabbix-3.0.31-fix-cve-2020-15803.patch b/net-analyzer/zabbix/files/zabbix-3.0.31-fix-cve-2020-15803.patch
new file mode 100644
index 000000000000..0cca60315581
--- /dev/null
+++ b/net-analyzer/zabbix/files/zabbix-3.0.31-fix-cve-2020-15803.patch
@@ -0,0 +1,83 @@
+diff --git a/frontends/php/include/classes/screens/CScreenUrl.php b/frontends/php/include/classes/screens/CScreenUrl.php
+index e35c5f1..1df396e 100644
+--- a/frontends/php/include/classes/screens/CScreenUrl.php
++++ b/frontends/php/include/classes/screens/CScreenUrl.php
+@@ -29,18 +29,10 @@ class CScreenUrl extends CScreenBase {
+ public function get() {
+ // prevent from resolving macros in configuration page
+ if ($this->mode != SCREEN_MODE_PREVIEW && $this->mode != SCREEN_MODE_SLIDESHOW) {
+- return $this->getOutput(
+- CHtmlUrlValidator::validate($this->screenitem['url'], false)
+- ? new CIFrame($this->screenitem['url'], $this->screenitem['width'], $this->screenitem['height'],
+- 'auto')
+- : makeMessageBox(false, [[
+- 'type' => 'error',
+- 'message' => _s('Provided URL "%1$s" is invalid.', $this->screenitem['url'])
+- ]]
+- )
+- );
++ return $this->getOutput($this->prepareElement());
+ }
+- elseif ($this->screenitem['dynamic'] == SCREEN_DYNAMIC_ITEM && $this->hostid == 0) {
++
++ if ($this->screenitem['dynamic'] == SCREEN_DYNAMIC_ITEM && $this->hostid == 0) {
+ return $this->getOutput((new CTableInfo())->setNoDataMessage(_('No host selected.')));
+ }
+
+@@ -54,14 +46,28 @@ class CScreenUrl extends CScreenBase {
+
+ $this->screenitem['url'] = $url ? $url : $this->screenitem['url'];
+
+- return $this->getOutput(
+- CHtmlUrlValidator::validate($this->screenitem['url'], false)
+- ? new CIFrame($this->screenitem['url'], $this->screenitem['width'], $this->screenitem['height'], 'auto')
+- : makeMessageBox(false, [[
+- 'type' => 'error',
+- 'message' => _s('Provided URL "%1$s" is invalid.', $this->screenitem['url'])
+- ]]
+- )
+- );
++ return $this->getOutput($this->prepareElement());
++ }
++
++ /**
++ * @return CTag
++ */
++ public function prepareElement() {
++ if (CHtmlUrlValidator::validate($this->screenitem['url'], false)) {
++ $item = new CIFrame($this->screenitem['url'], $this->screenitem['width'], $this->screenitem['height'],
++ 'auto'
++ );
++
++ if (ZBX_IFRAME_SANDBOX !== false) {
++ $item->setAttribute('sandbox', ZBX_IFRAME_SANDBOX);
++ }
++
++ return $item;
++ }
++
++ return makeMessageBox(false, [[
++ 'type' => 'error',
++ 'message' => _s('Provided URL "%1$s" is invalid.', $this->screenitem['url'])
++ ]]);
+ }
+ }
+diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php
+index a67a625..c6a437c 100644
+--- a/frontends/php/include/defines.inc.php
++++ b/frontends/php/include/defines.inc.php
+@@ -1284,6 +1284,14 @@ if (function_exists('bcscale')) {
+ bcscale(7);
+ }
+
++/**
++ * The sandbox attribute enables an extra set of restrictions for the content in the iframe. Default is set to empty
++ * string, which means all restrictions are applied. To disable, set to FALSE. To set a specific set of restrictions,
++ * write a custom string.
++ * https://www.w3.org/TR/2010/WD-html5-20100624/the-iframe-element.html#attr-iframe-sandbox
++ */
++define('ZBX_IFRAME_SANDBOX', '');
++
+ // HTTP headers
+ /*
+ * Value of HTTP X-Frame-options header.
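Review bot: The `prepareElement()` docblock at the `@return CTag` line names only the type, while the method returns either the sandboxed `CIFrame` or, when `CHtmlUrlValidator::validate()` rejects the URL, the error box from `makeMessageBox()`; a one-line description such as `* Returns a sandboxed iframe for a valid URL, otherwise an error message box.` would make that contract explicit. The comment above `define('ZBX_IFRAME_SANDBOX', '');` should also state the expected format of a custom value, e.g. `* A custom value is a space-separated list of sandbox tokens (e.g. "allow-same-origin allow-scripts"); each token relaxes one restriction.`, so that an administrator loosening the default understands they are re-enabling capabilities for framed content. Note that the `ZBX_IFRAME_SANDBOX !== false` check in `prepareElement()` treats any non-`false` value, not just strings, as a sandbox attribute value; that is fine for the shipped define but worth a sentence in the same comment. The enclosing `CScreenUrl` class starts outside this hunk.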