Ignore:
Timestamp:
Jun 24, 2006 11:02:54 PM (18 years ago)
Author:
scdev
Message:

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

Location:
tags/2.0.2/bin/module_maker
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • tags/2.0.2/bin/module_maker/list_template.cli.php

    r111 r185  
    109109
    110110<div id="commandbox">
    111 <form action="<\x3fphp echo \$_SERVER['PHP_SELF']; \x3f>" method="get">
     111<form action="<\x3fphp echo oTxt(\$_SERVER['PHP_SELF']); \x3f>" method="get">
    112112<\x3fphp App::printHiddenSession(false); \x3f>
    113113    <span class="nowrap commandtext"><a href="<\x3fphp echo App::oHREF(\$_SERVER['PHP_SELF'] . '?op=add'); \x3f>"><\x3fphp echo _("Add <##>"); \x3f></a></span>
     
    124124<?php include 'list_info.ihtml'; \x3f>
    125125
    126 <form action="<\x3fphp echo \$_SERVER['PHP_SELF']; \x3f>" method="post">
     126<form action="<\x3fphp echo oTxt(\$_SERVER['PHP_SELF']); \x3f>" method="post">
    127127<table class="list">
    128128    <tr>

  • tags/2.0.2/bin/module_maker/module.cli.php

    r111 r185  
    221221if ($upload_file_capability) {
    222222    // Form arguments
    223     $replace['admin_form_tag_init'] = "<form enctype=\"multipart/form-data\" method=\"post\" action=\"<\x3fphp echo \$_SERVER['PHP_SELF']; \x3f>\" class=\"sc-form\">\n<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"<##>\" />";
     223    $replace['admin_form_tag_init'] = "<form enctype=\"multipart/form-data\" method=\"post\" action=\"<\x3fphp echo oTxt(\$_SERVER['PHP_SELF']); \x3f>\" class=\"sc-form\">\n<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"<##>\" />";
    224224
    225225    // Include statement.

  • tags/2.0.2/bin/module_maker/skel/adm_list.ihtml

    r51 r185  
    33
    44<div id="commandbox">
    5 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
     5<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="get">
    66<?php App::printHiddenSession(false); ?>
    77    <span class="nowrap commandtext"><a href="<?php echo App::oHREF($_SERVER['PHP_SELF'] . '?op=add'); ?>"><?php echo _("Add %ITEM_TITLE%"); ?></a></span>
     
    1616</div>
    1717
    18 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
     18<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post">
    1919<?php App::printHiddenSession(); ?>
    2020<?php include 'list_info.ihtml'; ?>
Note: See TracChangeset for help on using the changeset viewer.