Author: mike
Date: 2008-10-20 15:46:06 -0700 (Mon, 20 Oct 2008)
New Revision: 511
Log:
Useless XSS fix.
Modified:
trunk/software.php
Modified: trunk/software.php
===================================================================
--- trunk/software.php 2008-10-11 13:55:31 UTC (rev 510)
+++ trunk/software.php 2008-10-20 22:46:06 UTC (rev 511)
@@ -30,11 +30,18 @@
// Get form data, if any...
if (array_key_exists("FILE", $_GET))
+{
$file = $_GET["FILE"];
+
+ if (strpos($file, "../") !== FALSE ||
+ !file_exists("/home/ftp.easysw.com/pub/$file"))
+ $file = "";
+}
else
$file = "";
-if (array_key_exists("SITE", $_GET))
+if (array_key_exists("SITE", $_GET) &&
+ array_key_exists($_GET["SITE"], $PROJECT_SITELIST))
{
$site = $_GET["SITE"];
setcookie("SITE", $site, time() + 90 * 86400, "/");
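Review bot: The new guard on the `strpos($file, "../")` line is an incomplete traversal check and does nothing about the XSS the log message names, because `$file` is still the raw query value once it passes, and nothing in this hunk escapes it or `$site` on output. The substring test only matches a literal `../`, so a trailing `..`, a symlink inside the directory, or a directory name (which `file_exists()` also accepts) all pass. Resolving the path with `realpath()` and requiring the result to stay under the pub directory, plus `is_file()`, is the robust form; the constant is taken from the hunk. Wherever `$file` or `$site` is echoed later in the file (outside this hunk, so I cannot see it), wrap it in `htmlspecialchars($x, ENT_QUOTES)` — that is the actual XSS fix. The SITE lookup against `$PROJECT_SITELIST` on the next line is the right pattern; the cookie value is constrained to a known key.

```php
$file = $_GET["FILE"];

$base = "/home/ftp.easysw.com/pub";
$real = realpath("$base/$file");
if ($real === FALSE ||
    strncmp($real, "$base/", strlen($base) + 1) != 0 ||
    !is_file($real))
  $file = "";
// … unchanged: else branch and SITE handling …
```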