Changeset 54044 in spip-zone


Timestamp:
Nov 5, 2011, 10:56:54 AM (9 years ago)
Author:
brunobergot@…
Message:

Port of r18662: avoid an XSS in the online help (Arnault Pachot)

File:
1 edited

  • _core_/securite/ecran_securite.php

    r49987 r54044  
    66 */
    77
    8 define('_ECRAN_SECURITE', '1.0.5'); // 26 juil. 2011
     8define('_ECRAN_SECURITE', '1.0.6'); // 05 nov. 2011
    99
    1010/*
     
    5151$cjpeg_command='';
    5252
    53 /*     - controle la variable lang, var_recherche (XSS)
    54  *
    55  */
    56 foreach(array('lang', 'var_recherche') as $var) {
     53/*     - controle la variable lang, var_recherche, aide (XSS)
     54 *
     55 */
     56foreach(array('lang', 'var_recherche', 'aide') as $var) {
    5757        if (isset($_GET[$var]))
    5858                $_REQUEST[$var] = $GLOBALS[$var] = $_GET[$var] = preg_replace(',[^\w-]+,',' ',(string)$_GET[$var]);
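
Review bot: The `isset($_GET[$var])` guard that now also covers `aide` only fires when the parameter is in the query string, so in these lines an `aide` value supplied through POST or a cookie could remain in `$_REQUEST['aide']` without passing through the `preg_replace`. If the help code reads `aide` from anything other than `$_GET`, consider testing and cleaning `$_REQUEST[$var]` as well, or state in the header comment that only GET is in scope. The `(string)` cast also turns an array-valued `aide[]=...` into the literal string `Array`, which is harmless for XSS but worth a word in that comment.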