Revision: 1775
          http://mrbs.svn.sourceforge.net/mrbs/?rev=1775&view=rev
Author:   jberanek
Date:     2011-01-28 23:46:37 +0000 (Fri, 28 Jan 2011)

Log Message:
-----------
* Fixed some XSS/escaping bugs reported by 'kevan_' in SF #3167226.

Modified Paths:
--------------
    mrbs/trunk/web/Themes/default/header.inc
    mrbs/trunk/web/session_php.inc

Modified: mrbs/trunk/web/Themes/default/header.inc
===================================================================
--- mrbs/trunk/web/Themes/default/header.inc    2011-01-28 22:02:32 UTC (rev 
1774)
+++ mrbs/trunk/web/Themes/default/header.inc    2011-01-28 23:46:37 UTC (rev 
1775)
@@ -13,7 +13,7 @@
   global $default_language_tokens, $disable_automatic_language_changing, 
$override_locale;
   global $lang_map_windows, $langs, $server_os;
   
-  $page = basename($PHP_SELF, ".php" );
+  $page = preg_replace('/\.php$/', '', $PHP_SELF);
   $user = getUserName();
   $is_admin = (authGetUserLevel($user) >= 2);
 
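Review bot: The class name is now taken from the whole of `$PHP_SELF` rather than its basename, so any directory prefix (or trailing path info, where `\.php$` would not even match) lands in the `class` attribute instead of just the script name that the comment at the `<body>` echo promises. Whether `$PHP_SELF` has already been reduced to a bare filename before this point cannot be seen here, as the enclosing function starts above the hunk. If it has, a one-line comment would spare the next reader the question, `// $PHP_SELF is already a bare script name; only the extension is stripped here`; if it has not, keep `basename()` in the expression, `$page = preg_replace('/\.php$/', '', basename($PHP_SELF));`. Output escaping is handled at the echo in the later hunk, so this is a correctness/styling point rather than an escaping one.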
@@ -882,7 +882,7 @@
   <?php
   // Put the filename in as a class to aid styling.   
   // (Use a class rather than id to avoid specificity problems)
-  echo "<body class=\"$page\" onLoad =\"init()\">\n";
+  echo "<body class=\"".htmlspecialchars($page)."\" onLoad =\"init()\">\n";
   ?>
     <div class="screenonly">
 
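Review bot: `htmlspecialchars($page)` runs with default flags, which escape `"` but not `'`, so the escaping is sufficient only because this particular attribute is double-quoted. Passing `ENT_QUOTES` makes it independent of the quoting style, and naming the charset explicitly (presumably the page's UTF-8 output charset — verify against what the header emits) avoids depending on the PHP-version default: `echo "<body class=\"".htmlspecialchars($page, ENT_QUOTES, 'UTF-8')."\" onLoad =\"init()\">\n";`. The enclosing function starts outside the hunk.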
@@ -1016,7 +1016,7 @@
         <form id="header_search" method="get" action="search.php">
           <div>
             <a href="search.php?advanced=1"><?php echo get_vocab("search") 
?>:</a>
-            <input type="text"   name="search_str" value="<?php echo 
$search_str ?>">
+            <input type="text"   name="search_str" value="<?php echo 
htmlspecialchars($search_str) ?>">
             <input type="hidden" name="day"        value="<?php echo $day      
  ?>">
             <input type="hidden" name="month"      value="<?php echo $month    
  ?>">
             <input type="hidden" name="year"       value="<?php echo $year     
  ?>">
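Review bot: The `day`, `month` and `year` hidden inputs on the three context lines below the changed one are still echoed into `value="…"` unescaped, while only `$search_str` gains `htmlspecialchars()`; unless those three are cast to integers where they are read (outside this hunk, so it cannot be confirmed here), they are the same kind of attribute injection this commit is fixing. Either escape them the same way, `value="<?php echo htmlspecialchars($day) ?>"` (and likewise for `$month` and `$year`), or emit them through `(int)` casts. The same pattern applies to the `$day`/`$month`/`$year` interpolation into `$search_string` in the session_php.inc hunk, where only `$user` is passed through `urlencode()`.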

Modified: mrbs/trunk/web/session_php.inc
===================================================================
--- mrbs/trunk/web/session_php.inc      2011-01-28 22:02:32 UTC (rev 1774)
+++ mrbs/trunk/web/session_php.inc      2011-01-28 23:46:37 UTC (rev 1775)
@@ -234,7 +234,7 @@
     $search_string = "report.php?From_day=$day&amp;From_month=$month&amp;".
       
"From_year=$year&amp;To_day=1&amp;To_month=12&amp;To_year=2030&amp;areamatch=&amp;".
       
"roommatch=&amp;namematch=&amp;descrmatch=&amp;summarize=1&amp;sortby=r&amp;display=d&amp;".
-      "sumby=d&amp;creatormatch=$user"; ?>
+      "sumby=d&amp;creatormatch=".urlencode($user); ?>
 
                 <a name="logonBox" href="<?php echo "$search_string\" title=\""
          . get_vocab('show_my_entries') . "\">" . get_vocab('you_are')." "

