Changeset 39437 in spip-zone


Ignore:
Timestamp:
Jul 21, 2010, 3:14:35 PM (9 years ago)
Author:
fil@…
Message:

securite du js informer_auteur (credit: Dotsafe), cf. http://trac.rezo.net/trac/spip/changeset/15849

File:
1 edited

Legend:

Unmodified
Added
Removed
  • _core_/securite/ecran_securite.php

    r33871 r39437  
    66 */
    77
    8 define('_ECRAN_SECURITE', '0.9.2'); // 20 dec 2009
     8define('_ECRAN_SECURITE', '0.9.3'); // 21 juil 2010
    99
    1010/*
     
    116116        $ecran_securite_raison = "test_cfg";
    117117
     118/*
     119 * XSS par array
     120 */
     121foreach (array('var_login') as $ecran_securite_i)
     122if (isset($_REQUEST[$k]) AND is_array($_REQUEST[$ecran_securite_i]))
     123        $ecran_securite_raison = "xss ".$ecran_securite_i;
    118124
    119125/* Parade antivirale contre un cheval de troie */
Note: See TracChangeset for help on using the changeset viewer.