
Annotation of /rpms/phpki/contribs9/phpki-0.82-potential_xss_php_self.patch



Revision 1.1 - (hide annotations) (download)
Mon Oct 8 07:35:31 2018 UTC (6 years, 1 month ago) by dani
Branch: MAIN
CVS Tags: phpki-0_82-21_el6_sme, phpki-0_82-22_el6_sme, phpki-0_82-20_el6_sme, phpki-0_82-18_el6_sme, phpki-0_82-23_el6_sme, phpki-0_82-19_el6_sme, HEAD
* Mon Oct 8 2018 Daniel B. <daniel@firewall-services.com> 0.82-18.sme
- Fix potential XSS with unsafe use of PHP_SELF [SME: 10626]

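--- a/phpki-0.82/include/common.php
+++ b/phpki-0.82/include/common.php
@@ -7,8 +7,7 @@
 else
 $PHPki_user = md5('default');
 
-$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
-
+$PHP_SELF = htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF'], ENT_QUOTES, "utf-8");
 
 function printHeader($withmenu="default") {
 global $config;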
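Review bot: Escaping `$PHP_SELF` once at assignment only suits the places where the value is printed into HTML; any caller that passes it to `header()` or compares it as a plain path now receives entity-encoded text, and whether such callers exist is not visible in this hunk. The value needs escaping because PHP_SELF carries the client-supplied PATH_INFO suffix, so a tighter fix, assuming nothing depends on that suffix, is to read the script path from `SCRIPT_NAME` and still escape it: `$PHP_SELF = htmlspecialchars($HTTP_SERVER_VARS['SCRIPT_NAME'], ENT_QUOTES, "utf-8");`. The same applies to the identical line in include/my_functions.php. The body of printHeader() continues outside the hunk.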
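--- a/phpki-0.82/include/my_functions.php
+++ b/phpki-0.82/include/my_functions.php
@@ -1,6 +1,6 @@
 <?php
 
-$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
+$PHP_SELF = htmlspecialchars($HTTP_SERVER_VARS['PHP_SELF'], ENT_QUOTES, "utf-8");
 
 #
 # Returns TRUE if browser is Internet Explorer.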
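Review bot: The added line still reads `$HTTP_SERVER_VARS`, which is populated only when `register_long_arrays` is enabled and was removed in PHP 5.4; on such a setup `$PHP_SELF` ends up as an empty string with an undefined-variable notice. Reading the superglobal avoids that dependency: `$PHP_SELF = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, "utf-8");`. The assignment is also duplicated verbatim in include/common.php, so the two copies must be kept in step by hand. Defining it in one of the two files would keep a later fix from missing one of them.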
