check cookies for XSS attempts
This commit is contained in:
parent
5d6deed27d
commit
12dbfca137
@ -164,7 +164,7 @@ class Login
|
||||
|
||||
$tmpl->set_var('login_url', $GLOBALS['egw_info']['server']['webserver_url'] . '/login.php' . $extra_vars);
|
||||
$tmpl->set_var('version', $GLOBALS['egw_info']['server']['versions']['phpgwapi']);
|
||||
$tmpl->set_var('login', $last_loginid);
|
||||
$tmpl->set_var('login', htmlspecialchars($last_loginid));
|
||||
|
||||
$tmpl->set_var('lang_username',lang('username'));
|
||||
$tmpl->set_var('lang_login',lang('login'));
|
||||
|
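Review bot: The new `htmlspecialchars($last_loginid)` call relies on the default flags, which do not escape single quotes, so if the template places `{login}` inside a single-quoted attribute the escaping can still be bypassed; I cannot see the template from this hunk, so this is an assumption to confirm. Passing the flags and charset explicitly removes the dependency on how the template quotes the value: `$tmpl->set_var('login', htmlspecialchars($last_loginid, ENT_QUOTES, 'UTF-8'));`. The enclosing method of `class Login` starts and ends outside the hunk.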
@ -78,7 +78,7 @@ function _check_script_tag(&$var,$name='',$log=true)
|
||||
}
|
||||
}
|
||||
|
||||
foreach(array('_GET','_POST','_REQUEST','HTTP_GET_VARS','HTTP_POST_VARS') as $n => $where)
|
||||
foreach(array('_COOKIE','_GET','_POST','_REQUEST','HTTP_GET_VARS','HTTP_POST_VARS') as $n => $where)
|
||||
{
|
||||
$pregs = array(
|
||||
'order' => '/^[a-zA-Z0-9_,]*$/',
|
||||
@ -93,7 +93,7 @@ foreach(array('_GET','_POST','_REQUEST','HTTP_GET_VARS','HTTP_POST_VARS') as $n
|
||||
}
|
||||
// do the check for script-tags only for _GET and _POST or if we found something in _GET and _POST
|
||||
// speeds up the execusion a bit
|
||||
if (isset($GLOBALS[$where]) && is_array($GLOBALS[$where]) && ($n < 2 || isset($GLOBALS['egw_unset_vars'])))
|
||||
if (isset($GLOBALS[$where]) && is_array($GLOBALS[$where]) && ($n < 3 || isset($GLOBALS['egw_unset_vars'])))
|
||||
{
|
||||
_check_script_tag($GLOBALS[$where],$where);
|
||||
}
|
||||
|
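Review bot: The comment above the check (`// do the check for script-tags only for _GET and _POST or if we found something in _GET and _POST`) is now stale, since the bumped `$n < 3` condition also covers `_COOKIE`; it should read `// do the check for script-tags only for _COOKIE, _GET and _POST or if we found something in one of them`. The `$n < 3` test also silently depends on the order of the array literal in the first hunk (where `_COOKIE` was prepended at index 0), so any later reordering of that list changes which superglobals are always scanned. A name-based test is self-documenting and survives reordering: `if (isset($GLOBALS[$where]) && is_array($GLOBALS[$where]) && (in_array($where, array('_COOKIE','_GET','_POST')) || isset($GLOBALS['egw_unset_vars'])))`. The legacy `HTTP_GET_VARS`/`HTTP_POST_VARS` aliases are in the list but `HTTP_COOKIE_VARS` is not; whether that matters depends on the PHP versions still supported, which the hunk does not show. The enclosing `foreach` body continues outside the hunk.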