Timestamp:
Jun 24, 2006 11:02:54 PM (18 years ago)
Author:
scdev
Message:

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

Location:
tags/2.0.2/services/templates
Files:
7 edited

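--- a/tags/2.0.2/services/templates/admin_form.ihtml
+++ b/tags/2.0.2/services/templates/admin_form.ihtml
@@ -1,5 +1,5 @@
 <?php $fv->printErrorMessages(); ?>
 
-<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
 <?php App::printHiddenSession(); ?>
 <input type="hidden" name="op" value="<?php echo $frm['new_op']; ?>" />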
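Review bot: The hidden `op` field on the last line of this hunk still echoes `$frm['new_op']` into an attribute unescaped, so the escaping this commit adds to the form action is incomplete for this template; if `new_op` can ever be derived from request input, the same attribute breakout applies. Wrap it the same way, `<input type="hidden" name="op" value="<?php echo oTxt($frm['new_op']); ?>" />`. `oTxt()` itself is not part of this changeset; for an attribute value it must escape double quotes (htmlspecialchars with ENT_QUOTES), otherwise the `action="..."` context is still breakable. Since `PHP_SELF` on many CGI/Apache setups also carries attacker-supplied PATH_INFO, `$_SERVER['SCRIPT_NAME']` (still escaped) would remove the reflected input entirely.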
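--- a/tags/2.0.2/services/templates/admin_list.ihtml
+++ b/tags/2.0.2/services/templates/admin_list.ihtml
@@ -1,5 +1,5 @@
 
 <?php $fv->printErrorMessages(); ?>
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
+<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post">
 <?php App::printHiddenSession(false); ?>
 <div id="commandbox">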
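Review bot: Escaping `PHP_SELF` closes the attribute-injection hole, but the value itself stays request-controlled: on common Apache/CGI configurations `PHP_SELF` includes PATH_INFO, so a link to `admin_list.php/foo` makes this form post to that URL rather than to the script. Since the form posts back to itself, prefer a server-fixed path, `<form action="<?php echo oTxt($_SERVER['SCRIPT_NAME']); ?>" method="post">`, or omit `action` so the browser posts to the current URL. This assumes `oTxt()` is an `htmlspecialchars(..., ENT_QUOTES)` wrapper; it is not shown in the changeset, and if it leaves double quotes unescaped the fix does not cover this attribute context.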
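--- a/tags/2.0.2/services/templates/lock.ihtml
+++ b/tags/2.0.2/services/templates/lock.ihtml
@@ -4,5 +4,5 @@
 }
 ?>
-<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
     <?php App::printHiddenSession() ?>
     <input type="hidden" name="lock_id" value="<?php echo $lock->getID(); ?>" />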
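Review bot: `$lock->getID()` on the last line of the hunk is echoed into a hidden-field attribute without `oTxt()`; if the id is an integer straight from the database this is harmless, but the template cannot tell, and a string id would reopen the same attribute injection the commit closes for `PHP_SELF`. Apply the same wrapper, `<input type="hidden" name="lock_id" value="<?php echo oTxt($lock->getID()); ?>" />`. The PHP block that ends at `?>` on line 5 starts above the hunk, so whatever assigns `$lock` is not visible here.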
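--- a/tags/2.0.2/services/templates/log_list.ihtml
+++ b/tags/2.0.2/services/templates/log_list.ihtml
@@ -1,3 +1,3 @@
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
+<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post">
 <?php App::printHiddenSession(false); ?>
 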
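Review bot: The escaped `PHP_SELF` still echoes whatever path the visitor arrived on, including any trailing PATH_INFO, so the form's target is chosen by the requester rather than by the server. Because the form posts back to the same script, `$_SERVER['SCRIPT_NAME']` is the better source and should still go through `oTxt()`: `<form action="<?php echo oTxt($_SERVER['SCRIPT_NAME']); ?>" method="post">`. The `<form>` opened in this hunk is closed outside the three lines shown.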
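--- a/tags/2.0.2/services/templates/login_form.ihtml
+++ b/tags/2.0.2/services/templates/login_form.ihtml
@@ -1,3 +1,3 @@
-<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
 <?php App::printHiddenSession() ?>
 <table>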
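Review bot: The escaping on the form tag carries no explanation, and a later editor who sees `oTxt()` wrapped around a server variable may assume it is redundant and remove it; for a login form that is where reflected XSS is most valuable to an attacker. Suggest a line above the form tag: `<?php /* PHP_SELF reflects the request path (incl. PATH_INFO) and must be HTML-escaped, see http://blog.phpdoc.info/archives/13-XSS-Woes.html */ ?>`. Note that `PHP_SELF` remains attacker-influenced even after escaping; `$_SERVER['SCRIPT_NAME']` or dropping `action` removes the reflected input altogether. The `<form>` opened here is closed outside the hunk.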
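--- a/tags/2.0.2/services/templates/password.ihtml
+++ b/tags/2.0.2/services/templates/password.ihtml
@@ -1,5 +1,5 @@
 <?php $fv->printErrorMessages(); ?>
 
-<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
 <?php App::printHiddenSession() ?>
 <input type="hidden" name="op" value="update_password" />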
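Review bot: `oTxt()` is applied correctly here, but `PHP_SELF` is still request-derived; for a password-change form that matters because a crafted link can make the form post to `password.php/<anything>` and, depending on rewrite rules, reach a different handler. Prefer `<form method="post" action="<?php echo oTxt($_SERVER['SCRIPT_NAME']); ?>">` or no `action` attribute at all. `printHiddenSession()` presumably emits a session token next to the hidden `op` field; whether that token is also checked as a CSRF guard for `update_password` cannot be confirmed from this changeset and is worth verifying.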
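--- a/tags/2.0.2/services/templates/versions_list.ihtml
+++ b/tags/2.0.2/services/templates/versions_list.ihtml
@@ -1,3 +1,3 @@
-<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
 <?php App::printHiddenSession() ?>
 <input type="submit" name="op" value="<?php echo _("Cancel"); ?>" />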
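Review bot: Wrapping `PHP_SELF` in `oTxt()` fixes the markup injection but leaves the form target under the requester's control via PATH_INFO; `$_SERVER['SCRIPT_NAME']`, still escaped, or omitting `action` is the more robust choice: `<form method="post" action="<?php echo oTxt($_SERVER['SCRIPT_NAME']); ?>">`. The `_("Cancel")` label on the last line is also echoed into an attribute unescaped; translation catalogues are normally trusted, but a translated string containing a double quote would break the attribute, so `oTxt(_("Cancel"))` is cheap insurance. The `<form>` opened here is closed outside the hunk.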