better value escaping (please check)

Garvin Hicking 2013-02-07 12:37:06 +01:00
parent edc8c35be2
commit 2962760352
2 changed files with 10 additions and 8 deletions


@ -1,9 +1,11 @@
# $Id$
Version 1.7 ()
------------------------------------------------------------------------
* Media database: Escape more Cookie values to prevent storing
possible XSS (http://board.s9y.org/viewtopic.php?f=3&t=19142)
* Allow entryproperties plugin to define defaults for custom fields
* Onyx, Net_URL classes: Remove PHP4 style constructor due to


@ -1443,28 +1443,28 @@ function serendipity_displayImageList($page = 0, $lineBreak = NULL, $manage = fa
foreach($importParams AS $importParam) {
if (isset($serendipity['GET'][$importParam])) {
$extraParems .= 'serendipity[' . $importParam . ']='. $serendipity['GET'][$importParam] .'&';
$extraParems .= 'serendipity[' . $importParam . ']='. htmlspecialchars($serendipity['GET'][$importParam]) .'&';
}
}
foreach($sortParams AS $sortParam) {
serendipity_restoreVar($serendipity['COOKIE']['sortorder_' . $sortParam], $serendipity['GET']['sortorder'][$sortParam]);
serendipity_JSsetCookie('sortorder_' . $sortParam, $serendipity['GET']['sortorder'][$sortParam]);
$extraParems .= 'serendipity[sortorder]['. $sortParam .']='. $serendipity['GET']['sortorder'][$sortParam] .'&';
serendipity_JSsetCookie('sortorder_' . $sortParam, htmlspecialchars($serendipity['GET']['sortorder'][$sortParam]));
$extraParems .= 'serendipity[sortorder]['. $sortParam .']='. htmlspecialchars($serendipity['GET']['sortorder'][$sortParam]) .'&';
}
foreach($filterParams AS $filterParam) {
serendipity_restoreVar($serendipity['COOKIE'][$filterParam], $serendipity['GET'][$filterParam]);
serendipity_JSsetCookie($filterParam, $serendipity['GET'][$filterParam]);
serendipity_JSsetCookie($filterParam, htmlspecialchars($serendipity['GET'][$filterParam]));
if (!empty($serendipity['GET'][$filterParam])) {
$extraParems .= 'serendipity[' . $filterParam . ']='. $serendipity['GET'][$filterParam] .'&';
$extraParems .= 'serendipity[' . $filterParam . ']='. htmlspecialchars($serendipity['GET'][$filterParam]) .'&';
}
}
$serendipity['GET']['only_path'] = serendipity_uploadSecure($limit_path . $serendipity['GET']['only_path'], true);
$serendipity['GET']['only_filename'] = str_replace(array('*', '?'), array('%', '_'), $serendipity['GET']['only_filename']);
$serendipity['GET']['only_filename'] = htmlspecialchars(str_replace(array('*', '?'), array('%', '_'), $serendipity['GET']['only_filename']));
$perPage = (!empty($serendipity['GET']['sortorder']['perpage']) ? $serendipity['GET']['sortorder']['perpage'] : 8);
$perPage = (!empty($serendipity['GET']['sortorder']['perpage']) ? (int)$serendipity['GET']['sortorder']['perpage'] : 8);
while ($perPage % $lineBreak !== 0) {
$perPage++;
}