
Contents of /rpms/phpki/contribs9/phpki-0.82-potential_xss_php_self.patch



Revision 1.1
Mon Oct 8 07:35:31 2018 UTC (6 years, 1 month ago) by dani
Branch: MAIN
CVS Tags: phpki-0_82-21_el6_sme, phpki-0_82-22_el6_sme, phpki-0_82-20_el6_sme, phpki-0_82-18_el6_sme, phpki-0_82-23_el6_sme, phpki-0_82-19_el6_sme, HEAD
* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]

1 diff -Nur phpki/phpki-0.82/include/common.php phpki_bz10626/phpki-0.82/include/common.php
2 --- phpki/phpki-0.82/include/common.php 2018-10-08 09:20:21.526025640 +0200
3 +++ phpki_bz10626/phpki-0.82/include/common.php 2018-10-08 09:22:31.486656132 +0200
4 @@ -7,8 +7,7 @@
5 else
6 $PHPki_user = md5('default');
7
8 -$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
9 -
10 +$PHP_SELF = htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF'], ENT_QUOTES, "utf-8");
11
12 function printHeader($withmenu="default") {
13 global $config;
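Review bot: On the added `$PHP_SELF = htmlspecialchars(...)` line in common.php, the value is escaped once at assignment and stored in a global, so every later use receives HTML-encoded text whatever its output context. That is correct for `<form action=...>` and `href` attributes, but a use in a redirect header or a string comparison would now see entities such as `&amp;`, and a call site that already escapes would double-encode; the uses of `$PHP_SELF` should be checked to confirm they are all HTML output. PHP_SELF includes the client-supplied PATH_INFO suffix, so `$_SERVER['SCRIPT_NAME']` is worth considering where only the script path is needed, and `$HTTP_SERVER_VARS` is not available from PHP 5.4 onward, which makes `$_SERVER` the safer source.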
14 diff -Nur phpki/phpki-0.82/include/my_functions.php phpki_bz10626/phpki-0.82/include/my_functions.php
15 --- phpki/phpki-0.82/include/my_functions.php 2018-10-08 09:20:21.576025882 +0200
16 +++ phpki_bz10626/phpki-0.82/include/my_functions.php 2018-10-08 09:22:39.688695907 +0200
17 @@ -1,6 +1,6 @@
18 <?php
19
20 -$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
21 +$PHP_SELF = htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF'], ENT_QUOTES, "utf-8");
22
23 #
24 # Returns TRUE if browser is Internet Explorer.
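Review bot: The replaced line in my_functions.php is a verbatim copy of the one in include/common.php, so the escaping policy now lives in two places and a later change to one (flags, charset, source variable) can silently diverge from the other. Suggest defining the assignment once and including it, with a comment stating that `$PHP_SELF` holds an HTML-escaped value. The hard-coded `"utf-8"` should also match the charset the pages actually declare, which is not visible in this hunk.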
