ports/www/phpSysInfo/files/patch-xss-fix.diff
Shaun Amott 8ddb08e12e Fix XSS vulnerability.
Reported by:	miwi
Security:	88260dfe-3d21-11dc-b3d3-0016179b2dd
2007-07-31 09:44:45 +00:00


--- includes/system_footer.php.orig Tue Jul 31 10:35:50 2007
+++ includes/system_footer.php Tue Jul 31 10:35:52 2007
@@ -29,7 +29,7 @@
if( ! $hide_picklist ) {
echo "<center>\n";
- $update_form = "<form method=\"POST\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "\t" . $text['template'] . ":&nbsp;\n" . "\t<select name=\"template\">\n";
+ $update_form = "<form method=\"POST\" action=\"" . htmlentities(strip_tags($_SERVER['PHP_SELF'])) . "\">\n" . "\t" . $text['template'] . ":&nbsp;\n" . "\t<select name=\"template\">\n";
$resDir = opendir( APP_ROOT . '/templates/' );
while( false !== ( $strFile = readdir( $resDir ) ) ) {
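Review bot: The new `action` value on the `$update_form` line is escaped but still built from `$_SERVER['PHP_SELF']`, which carries the client-supplied path-info suffix, so the form keeps reflecting request data. `strip_tags()` adds nothing once the value is entity-encoded and silently alters the URL, and `htmlentities()` is called without flags, so with the ENT_COMPAT default of PHP releases of that period single quotes pass through, which is harmless only while the attribute stays double-quoted. I would use `htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES)` here, which drops the request-controlled component and escapes for either quoting style. The enclosing `if` and `while` blocks continue past the hunk, so whether the template names read by `readdir()` are escaped when emitted as options cannot be checked from here.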