mbirth/LuckyCoinkydink
1
0
Fork 0
Code Issues Pull Requests Activity

Issue #435, fix missing escaping of HTTP referer to prevent XSS

Browse Source
This commit is contained in:
Garvin Hicking 2017-01-02 09:37:45 +01:00
parent 0c8416f5df
commit 4e8c310156
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/NEWS
View File

@ -11,6 +11,9 @@ Version 2.1 (November 28th, 2016)
* [Security] Prevent XSS in adding category and directory names, * [Security] Prevent XSS in adding category and directory names,
thanks to Edric Teo @smarterbitbybit. thanks to Edric Teo @smarterbitbybit.
* [Security] For multi-deletion of entries, secure the HTTP referrer
output to prevent XSS (Issue #435)
Version 2.1-beta2 (September 26th, 2016) Version 2.1-beta2 (September 26th, 2016)
------------------------------------------------------------------------ ------------------------------------------------------------------------

2
include/admin/entries.inc.php
View File

@ -402,7 +402,7 @@ switch($serendipity['GET']['adminAction']) {
return; // blank content page, but default token check parameter is presenting a XSRF message when false return; // blank content page, but default token check parameter is presenting a XSRF message when false
} }
if (!is_array($serendipity['POST']['multiDelete'])) { if (!is_array($serendipity['POST']['multiDelete'])) {
echo '<div class="msg_notice"><span class="icon-attention-circled" aria-hidden="true"></span> ' . sprintf(MULTICHECK_NO_ITEM, $_SERVER['HTTP_REFERER']) . '</div>'."\n"; echo '<div class="msg_notice"><span class="icon-attention-circled" aria-hidden="true"></span> ' . sprintf(MULTICHECK_NO_ITEM, serendipity_specialchars($_SERVER['HTTP_REFERER'])) . '</div>'."\n";
break; break;
} }