Author: shadowmaster
Date: Sat Jul 6 03:59:53 2013
New Revision: 56598
URL: http://svn.gna.org/viewcvs/wesnoth?rev=56598&view=rev
Log:
gettext.wesnoth.org: Clean-up GET parameters for possible XSS exploits
Modified:
website/gettext.wesnoth.org/functions.php
website/gettext.wesnoth.org/index.extra.php
website/gettext.wesnoth.org/index.lang.php
website/gettext.wesnoth.org/index.php
Modified: website/gettext.wesnoth.org/functions.php
URL:
http://svn.gna.org/viewcvs/wesnoth/website/gettext.wesnoth.org/functions.php?rev=56598&r1=56597&r2=56598&view=diff
==============================================================================
--- website/gettext.wesnoth.org/functions.php (original)
+++ website/gettext.wesnoth.org/functions.php Sat Jul 6 03:59:53 2013
@@ -89,4 +89,11 @@
return str_replace("wesnoth-","",$string);
}
+//
+// Get a GET variable cleaned up for possible XSS exploits.
+//
+function parameter_get($name) {
+ return htmlspecialchars($_GET[$name], ENT_QUOTES, 'UTF-8');
+}
+
?>
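Review bot: parameter_get() passes `$_GET[$name]` straight to htmlspecialchars(), but PHP turns a bracketed query parameter into an array, so a non-string value reaches the call and produces a warning or a TypeError depending on the PHP version. A missing key raises a notice as well. Guard the input first with `if (!isset($_GET[$name]) || !is_string($_GET[$name])) { return ''; }`. The header comment should also state the limit of the helper, for example `// Escaped for HTML output only; validate separately before use in file paths or queries.`, because the returned value is safe only in an HTML text or attribute context.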
Modified: website/gettext.wesnoth.org/index.extra.php
URL:
http://svn.gna.org/viewcvs/wesnoth/website/gettext.wesnoth.org/index.extra.php?rev=56598&r1=56597&r2=56598&view=diff
==============================================================================
--- website/gettext.wesnoth.org/index.extra.php (original)
+++ website/gettext.wesnoth.org/index.extra.php Sat Jul 6 03:59:53 2013
@@ -29,7 +29,7 @@
if(!isset($_GET['package'])){
$package = 'alloff';
}else{
- $package = $_GET['package'];
+ $package = parameter_get('package');
}
if(!isset($_GET['order']) || $_GET['order'] != 'alpha'){
@@ -96,7 +96,7 @@
}
}
}else{
- $package = $_GET['package'];
+ $package = parameter_get('package');
if (!file_exists("stats/" . $package . "/stats")) {
$nostats=true;
}else{
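Review bot: `$package` still flows into `file_exists("stats/" . $package . "/stats")` after this change, and htmlspecialchars() leaves `.` and `/` untouched, so the escaping added here does nothing to keep the path inside `stats/`. Check the value against the known package names, or a strict pattern such as `preg_match('/^[A-Za-z0-9_-]+$/', $package)`, before building the path, and fall back to the default otherwise. The same applies to the `@@ -149,7 +149,7 @@` hunk in index.php, where both `$package` and `$version` are concatenated into the stats path. The enclosing block starts and ends outside the hunk, so how the path is used after the existence check is not visible here.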
Modified: website/gettext.wesnoth.org/index.lang.php
URL:
http://svn.gna.org/viewcvs/wesnoth/website/gettext.wesnoth.org/index.lang.php?rev=56598&r1=56597&r2=56598&view=diff
==============================================================================
--- website/gettext.wesnoth.org/index.lang.php (original)
+++ website/gettext.wesnoth.org/index.lang.php Sat Jul 6 03:59:53 2013
@@ -32,13 +32,13 @@
if(!isset($_GET['version'])){
$version = 'master';
}else{
- $version = $_GET['version'];
+ $version = parameter_get('version');
}
if(!isset($_GET['lang'])){
$lang = '';
}else{
- $lang = $_GET['lang'];
+ $lang = parameter_get('lang');
}
if($lang != "") {
Modified: website/gettext.wesnoth.org/index.php
URL:
http://svn.gna.org/viewcvs/wesnoth/website/gettext.wesnoth.org/index.php?rev=56598&r1=56597&r2=56598&view=diff
==============================================================================
--- website/gettext.wesnoth.org/index.php (original)
+++ website/gettext.wesnoth.org/index.php Sat Jul 6 03:59:53 2013
@@ -33,7 +33,7 @@
if(!isset($_GET['package'])){
$package = 'alloff';
}else{
- $package = $_GET['package'];
+ $package = parameter_get('package');
}
if(!isset($_GET['version'])){
@@ -42,7 +42,7 @@
// 'master': show stats from master
$version = 'branch';
}else{
- $version = $_GET['version'];
+ $version = parameter_get('version');
}
if(!isset($_GET['order']) || $_GET['order'] != 'alpha'){
@@ -149,7 +149,7 @@
}
}
}else{
- $package = $_GET['package'];
+ $package = parameter_get('package');
$statsfile = $version . "stats";
if (!file_exists("stats/" . $package . "/" . $statsfile)) {
$nostats=true;