
Changeset 3649:3b0b868d58b0


Timestamp:
01/12/18 07:57:00 (5 years ago)
Author:
franck <carnet.franck.paul@…>
Branch:
default
Children:
3650:11cb6291eea7, 3651:6980a7a06518
Message:

Fix potential XSS - thanks Trí Chim Trích for the report

Files:
7 edited

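--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,4 +4,5 @@
 * 🛡 Security: New password management system (including silent migration)
 * 🛡 Security: Add Referrer-Policy header in admin pages
+* 🛡 Security: Fix potential XSS - thank's Trí Chim Trích for report
 * Dotclear news are now displayed in async way by js
 * Dotclear core update check is now done by async js - a forced check may still be done on <admin>/update.php page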
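--- a/admin/auth.php
+++ b/admin/auth.php
@@ -83,5 +83,5 @@
 {
     $user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null;
-    $user_email = !empty($_POST['user_email']) ? $_POST['user_email'] : '';
+    $user_email = !empty($_POST['user_email']) ? html::escapeHTML($_POST['user_email']) : '';
     try
     {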
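Review bot: Encoding `$_POST['user_email']` with `html::escapeHTML` at input time (new line 85) alters the value before it is used, so an address containing `&` or `'` (both legal in the local part) no longer equals what was submitted, and the encoding only covers the HTML-body context of whatever later prints the variable. The safer shape is to validate here and escape at the output site: `$user_email = !empty($_POST['user_email']) && filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL) ? $_POST['user_email'] : '';` together with `html::escapeHTML($user_email)` where it is echoed. The place `$user_email` is printed or looked up is outside this hunk, so whether it is already escaped there (and would now be double-encoded) cannot be confirmed from here. The enclosing block opens before line 83 and the `try` body continues past the hunk.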
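--- a/admin/blogs.php
+++ b/admin/blogs.php
@@ -54,5 +54,5 @@
 
 if (!empty($_GET['nb']) && (integer) $_GET['nb'] > 0) {
-    if ($nb_per_page != $_GET['nb']) {
+    if ($nb_per_page !=  (integer) $_GET['nb']) {
         $show_filters = true;
     }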
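Review bot: The cast on new line 56 makes the comparison int-to-int, but the assignment that follows the inner `if` is not in this hunk, whereas users.php changes its matching line 57 to `$nb_per_page =  (integer) $_GET['nb'];`; if blogs.php, comments.php (line 80) and posts.php (line 181) carry the same assignment just past their hunks, it presumably still receives the raw query string and should be cast as well, so that the value reaching the pagination query and the page output is an integer. The cast also neutralises an array-valued `nb[]` parameter, which `!empty()` alone lets through. As a point of style, `!=  (integer)` has a doubled space in all four files and reads better as `!= (integer)`. The outer `if` opened on line 55 closes outside this hunk in blogs.php, comments.php and posts.php.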
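--- a/admin/comments.php
+++ b/admin/comments.php
@@ -78,5 +78,5 @@
 
 if (!empty($_GET['nb']) && (integer) $_GET['nb'] > 0) {
-    if ($nb_per_page != $_GET['nb']) {
+    if ($nb_per_page !=  (integer) $_GET['nb']) {
         $show_filters = true;
     }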
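--- a/admin/posts.php
+++ b/admin/posts.php
@@ -179,5 +179,5 @@
 
 if (!empty($_GET['nb']) && (integer) $_GET['nb'] > 0) {
-    if ($nb_per_page != $_GET['nb']) {
+    if ($nb_per_page !=  (integer) $_GET['nb']) {
         $show_filters = true;
     }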
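--- a/admin/user.php
+++ b/admin/user.php
@@ -80,12 +80,12 @@
         $cur->user_id = $_POST['user_id'];
         $cur->user_super = $user_super = !empty($_POST['user_super']) ? 1 : 0;
-        $cur->user_name = $user_name = $_POST['user_name'];
-        $cur->user_firstname = $user_firstname = $_POST['user_firstname'];
-        $cur->user_displayname = $user_displayname = $_POST['user_displayname'];
-        $cur->user_email = $user_email = $_POST['user_email'];
-        $cur->user_url = $user_url = $_POST['user_url'];
-        $cur->user_lang = $user_lang = $_POST['user_lang'];
-        $cur->user_tz = $user_tz = $_POST['user_tz'];
-        $cur->user_post_status = $user_post_status = $_POST['user_post_status'];
+        $cur->user_name = $user_name = html::escapeHTML($_POST['user_name']);
+        $cur->user_firstname = $user_firstname = html::escapeHTML($_POST['user_firstname']);
+        $cur->user_displayname = $user_displayname = html::escapeHTML($_POST['user_displayname']);
+        $cur->user_email = $user_email = html::escapeHTML($_POST['user_email']);
+        $cur->user_url = $user_url = html::escapeHTML($_POST['user_url']);
+        $cur->user_lang = $user_lang = html::escapeHTML($_POST['user_lang']);
+        $cur->user_tz = $user_tz = html::escapeHTML($_POST['user_tz']);
+        $cur->user_post_status = $user_post_status = html::escapeHTML($_POST['user_post_status']);
 
         if ($user_id && $cur->user_id == $core->auth->userID() && $core->auth->isSuperAdmin()) {
@@ -105,5 +105,5 @@
         }
 
-        $user_options['post_format'] = $_POST['user_post_format'];
+        $user_options['post_format'] = html::escapeHTML($_POST['user_post_format']);
         $user_options['edit_size'] = (integer) $_POST['user_edit_size'];
 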
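Review bot: New lines 82-89 HTML-encode the submitted values before they are written to the cursor, so the encoded form is what gets persisted: a `user_url` whose query string contains `&` is stored as `&amp;`, and `user_lang`, `user_tz` and `user_post_status` are codes that should be checked against the allowed set rather than entity-encoded. Stored escaping also covers only the HTML-body context, not attribute or JavaScript output, and any output site that already escapes will now double-encode (`&amp;amp;`); those output sites are outside this hunk, so that part is inferred. Prefer validating here — `filter_var($_POST['user_email'], FILTER_VALIDATE_EMAIL)`, `filter_var($_POST['user_url'], FILTER_VALIDATE_URL)`, `in_array($_POST['user_lang'], $known_langs, true)` and the like for the code fields — and keeping `html::escapeHTML` at the point of output. The second hunk (line 107, `post_format`) has the same shape and is a good candidate for a whitelist check. Both hunks sit inside a block that opens and closes outside this diff.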
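--- a/admin/users.php
+++ b/admin/users.php
@@ -52,8 +52,8 @@
 
 if (!empty($_GET['nb']) && (integer) $_GET['nb'] > 0) {
-    if ($nb_per_page != $_GET['nb']) {
+    if ($nb_per_page !=  (integer) $_GET['nb']) {
         $show_filters = true;
     }
-    $nb_per_page = $_GET['nb'];
+    $nb_per_page =  (integer) $_GET['nb'];
 }
 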
