Changeset 185 for trunk/bin


Timestamp:
Jun 24, 2006 11:02:54 PM (18 years ago)
Author:
scdev
Message:

Q - added oTxt() around all printed PHP_SELF values to avoid an XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

Location:
trunk/bin/module_maker
Files:
3 edited

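--- a/trunk/bin/module_maker/list_template.cli.php
+++ b/trunk/bin/module_maker/list_template.cli.php
@@ -109,5 +109,5 @@
 
 <div id="commandbox">
-<form action="<\x3fphp echo \$_SERVER['PHP_SELF']; \x3f>" method="get">
+<form action="<\x3fphp echo oTxt(\$_SERVER['PHP_SELF']); \x3f>" method="get">
 <\x3fphp \$app->printHiddenSession(false); \x3f>
     <span class="sc-nowrap commandtext"><a href="<\x3fphp echo \$app->oHREF(\$_SERVER['PHP_SELF'] . '?op=add'); \x3f>"><\x3fphp echo _("Add __///__"); \x3f></a></span>
@@ -124,5 +124,5 @@
 <?php include 'list_info.ihtml'; \x3f>
 
-<form action="<\x3fphp echo \$_SERVER['PHP_SELF']; \x3f>" method="post">
+<form action="<\x3fphp echo oTxt(\$_SERVER['PHP_SELF']); \x3f>" method="post">
 <table class="list">
     <tr>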
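Review bot: The `<a href>` on line 113 of the first hunk still concatenates raw `$_SERVER['PHP_SELF']` into `$app->oHREF(...)`, so whether that link is safe depends on oHREF() escaping its argument for HTML attribute context, which this changeset does not show; if oHREF() only appends session parameters, the same path-info injection the commit closes for the form actions remains on that line. Either confirm oHREF() escapes, or wrap its result, e.g. `<a href="<\x3fphp echo oTxt(\$app->oHREF(\$_SERVER['PHP_SELF'] . '?op=add')); \x3f>">`, taking care not to double-encode if it already does. The same link appears on line 7 of skel/adm_list.ihtml, while the form-action wrapping itself is applied consistently in module.cli.php line 225 and adm_list.ihtml lines 5 and 18. Since the generated templates now rely on oTxt() being in scope wherever they are included, a one-line comment in the template header stating that requirement would help whoever next edits the generator.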
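--- a/trunk/bin/module_maker/module.cli.php
+++ b/trunk/bin/module_maker/module.cli.php
@@ -223,5 +223,5 @@
 if ($upload_file_capability) {
     // Form arguments
-    $replace['admin_form_tag_init'] = "<form enctype=\"multipart/form-data\" method=\"post\" action=\"<\x3fphp echo \$_SERVER['PHP_SELF']; \x3f>\" class=\"sc-form\">\n<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"__///__\" />";
+    $replace['admin_form_tag_init'] = "<form enctype=\"multipart/form-data\" method=\"post\" action=\"<\x3fphp echo oTxt(\$_SERVER['PHP_SELF']); \x3f>\" class=\"sc-form\">\n<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"__///__\" />";
 
     // Include statement.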
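--- a/trunk/bin/module_maker/skel/adm_list.ihtml
+++ b/trunk/bin/module_maker/skel/adm_list.ihtml
@@ -3,5 +3,5 @@
 
 <div id="commandbox">
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">
+<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="get">
 <?php $app->printHiddenSession(false); ?>
     <span class="sc-nowrap commandtext"><a href="<?php echo $app->oHREF($_SERVER['PHP_SELF'] . '?op=add'); ?>"><?php echo _("Add %ITEM_TITLE%"); ?></a></span>
@@ -16,5 +16,5 @@
 </div>
 
-<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
+<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post">
 <?php $app->printHiddenSession(); ?>
 <?php include 'list_info.ihtml'; ?>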