iliaa           Thu Jul 14 15:05:38 2005 EDT

  Modified files:              
    /livedocs   livedoc.php livedoc_funcs.php search.php 
  Log:
  Security fixes for XSS, SQL Injection and possible path disclosure.
  
  # Found by xssoops tool.
  
  
http://cvs.php.net/diff.php/livedocs/livedoc.php?r1=1.112&r2=1.113&ty=u
Index: livedocs/livedoc.php
diff -u livedocs/livedoc.php:1.112 livedocs/livedoc.php:1.113
--- livedocs/livedoc.php:1.112  Thu Jul  7 11:17:57 2005
+++ livedocs/livedoc.php        Thu Jul 14 15:05:38 2005
@@ -18,7 +18,7 @@
 // | Generate an HTML version of a phpdoc/docbook page on the fly         |
 // +----------------------------------------------------------------------+
 //
-// $Id: livedoc.php,v 1.112 2005/07/07 15:17:57 iliaa Exp $
+// $Id: livedoc.php,v 1.113 2005/07/14 19:05:38 iliaa Exp $
 
 define('LIVEDOC_SOURCE', dirname(__FILE__));
 include LIVEDOC_SOURCE . '/livedoc_funcs.php';
@@ -44,7 +44,7 @@
        // to some value.
        include LIVEDOC_SOURCE . '/error.php';
 } else {
-       $current_page = preg_replace(IDREG, '', $_GET['q']);
+       $current_page = preg_replace(IDREG, '', (string)$_GET['q']);
 }
 
 /*****************************************************************************
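Review bot: The `(string)` cast on line 30 turns an array-valued `q` parameter into the literal string `Array` instead of rejecting it, so the page lookup proceeds with a bogus id rather than the input failing validation; the condition that selects this `else` branch is above the hunk, so I can't see whether it already checks the type. An explicit check keeps non-string input out of `$current_page` entirely: `$current_page = is_string($_GET['q']) ? preg_replace(IDREG, '', $_GET['q']) : '';`. If the `if` above can carry the `is_string()` test instead, that is the cleaner place for it, since the error page include would then handle the bad-input case as well.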
http://cvs.php.net/diff.php/livedocs/livedoc_funcs.php?r1=1.29&r2=1.30&ty=u
Index: livedocs/livedoc_funcs.php
diff -u livedocs/livedoc_funcs.php:1.29 livedocs/livedoc_funcs.php:1.30
--- livedocs/livedoc_funcs.php:1.29     Wed Jul  6 12:17:31 2005
+++ livedocs/livedoc_funcs.php  Thu Jul 14 15:05:38 2005
@@ -42,6 +42,8 @@
        $nav = NAV_START;
 
        /* Get the fileinfo for the reference */
+       $current_page = sqlite_escape_string($current_page);
+
        $tr = sqlite_array_query($idx, "SELECT title, filename, idents.fileid, 
files.dirid from idents left join files where id='$current_page' and 
idents.fileid=files.fileid", SQLITE_NUM);
        if (!$tr) {
                $tr = sqlite_array_query($fb_idx, "SELECT title, filename, 
idents.fileid, files.dirid from idents left join files where id='$current_page' 
and idents.fileid=files.fileid", SQLITE_NUM);        
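Review bot: Line 43 overwrites `$current_page` with its SQL-escaped form, so every later use of the variable in this function (whose start and end lie outside the hunk) now sees a value with single quotes doubled, which is wrong anywhere other than inside a single-quoted SQLite literal. Keeping the escaped copy separate avoids that: `$page_sql = sqlite_escape_string($current_page);` and reference `$page_sql` in the two `id='...'` predicates that follow. `sqlite_escape_string()` is only sufficient here because both queries place the value inside single quotes; a comment next to the assignment such as `/* escaped for the single-quoted id='...' literals below only; not safe for unquoted interpolation */` would keep a future edit from reintroducing the injection.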
@@ -146,7 +148,7 @@
        }
 
        if (FORCE_DYNAMIC) {
-               $url = "{$_SERVER['PHP_SELF']}?l=$lang&q=$firstid$hash";
+               $url = htmlspecialchars($_SERVER['PHP_SELF'], 
ENT_QUOTES)."?l=$lang&q=$firstid$hash";
        } else {
                $url = WEBBASE . "$lang/$firstid.html$hash";
        }
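Review bot: The `htmlspecialchars()` call on lines 57-58 passes no charset, so it uses the interpreter default (ISO-8859-1 on the PHP of this era), and the new call in the search.php hunk has the same gap; if the pages are served as UTF-8, pass it explicitly, `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')`, so malformed multibyte sequences are not passed through unchanged. Only `PHP_SELF` is escaped while `$lang`, `$firstid` and `$hash` are interpolated raw into the same `$url`, and the `WEBBASE` branch on line 60 is not escaped at all; where those values originate and where `$url` is emitted are outside the hunk, so I can't tell whether they are already safe. Escaping the assembled string once, `$url = htmlspecialchars("{$_SERVER['PHP_SELF']}?l=$lang&q=$firstid$hash", ENT_QUOTES, 'UTF-8');`, would cover all four parts and also encode the `&` separator as `&amp;`, which is what an HTML attribute context expects. The enclosing function starts before the hunk.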
http://cvs.php.net/diff.php/livedocs/search.php?r1=1.9&r2=1.10&ty=u
Index: livedocs/search.php
diff -u livedocs/search.php:1.9 livedocs/search.php:1.10
--- livedocs/search.php:1.9     Mon Jun 20 21:52:59 2005
+++ livedocs/search.php Thu Jul 14 15:05:38 2005
@@ -18,7 +18,7 @@
 // | Search page                                                          |
 // +----------------------------------------------------------------------+
 //
-// $Id: search.php,v 1.9 2005/06/21 01:52:59 iliaa Exp $
+// $Id: search.php,v 1.10 2005/07/14 19:05:38 iliaa Exp $
 
 define('LIVEDOC_SOURCE', dirname(__FILE__));
 include './common.php';
@@ -129,6 +129,7 @@
        $tx_qry = $strict = '';
 }
 
+$tx_qry = htmlspecialchars($tx_qry, ENT_QUOTES);
 echo search_page_header();
 
        echo $res_str;
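Review bot: Line 80 reassigns `$tx_qry` with its HTML-escaped form, so if `$tx_qry` is read after this point for anything other than HTML output (the search itself, a redirect target, a log line), it now receives entity-encoded text; `$res_str` is already complete by line 83, which suggests the search has run, but the later uses are outside the hunk. Escaping at the point of output, or into a separately named variable such as `$tx_qry_html = htmlspecialchars($tx_qry, ENT_QUOTES, 'UTF-8');`, keeps the raw value and the HTML-context value apart and makes the intended context visible at each use. The `if`/`else` that initialises `$tx_qry` on line 77 begins above the hunk.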
