Author: nextgens
Date: 2008-05-08 08:35:33 +0000 (Thu, 08 May 2008)
New Revision: 19833
Modified:
trunk/website/includes/common.inc.php
Log:
website: fix a security problem with the website
Modified: trunk/website/includes/common.inc.php
===================================================================
--- trunk/website/includes/common.inc.php 2008-05-07 19:17:48 UTC (rev
19832)
+++ trunk/website/includes/common.inc.php 2008-05-08 08:35:33 UTC (rev
19833)
@@ -125,8 +125,8 @@
echo "<body>404 error - broken link</body>";
$to="webmaster";
$subject="404 error";
- $content="\nA 404 error has occurred on the website :
may you fix it ?\nFrom : ".$_SERVER["HTTP_REFERER"]."\nTo :
".$_SERVER["REQUEST_URI"]."\nAt : ".date("D M j Y g:i:s a T"."\nUser-agent :
".$_SERVER["HTTP_USER_AGENT"]);
- @mail($to,$subject,$content,"svn-build");
+ $content="\nA 404 error has occurred on the website :
may you fix it ?\nFrom : ".htmlspecialchars($_SERVER["HTTP_REFERER"])."\nTo :
".htmlspecialchars($_SERVER["REQUEST_URI"])."\nAt : ".date("D M j Y g:i:s a
T"."\nUser-agent : ".htmlspecialchars($_SERVER["HTTP_USER_AGENT"]));
+
@mail($to,$subject,escapeshellcmd($content),"svn-build");
}
die;
}
@@ -136,4 +136,4 @@
$file = selectPage($lang_q, $page);
}
-?>
\ No newline at end of file
+?>
