Changeset 185 for trunk/services


Ignore:
Timestamp:
Jun 24, 2006 11:02:54 PM (18 years ago)
Author:
scdev
Message:

Q - added oTxt() around all printed PHP_SELFs to avoid XSS attack. See: http://blog.phpdoc.info/archives/13-XSS-Woes.html

Location:
trunk/services/templates
Files:
7 edited

Legend:

Unmodified
Added
Removed

  • trunk/services/templates/admin_form.ihtml

    r136 r185  
    11<?php $fv->printErrorMessages(); ?>
    22
    3 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
     3<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
    44<?php $app->printHiddenSession(); ?>
    55<input type="hidden" name="op" value="<?php echo $frm['new_op']; ?>" />

  • trunk/services/templates/admin_list.ihtml

    r136 r185  
    11
    22<?php $fv->printErrorMessages(); ?>
    3 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
     3<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post">
    44<?php $app->printHiddenSession(false); ?>
    55<div id="commandbox">

  • trunk/services/templates/lock.ihtml

    r141 r185  
    44}
    55?>
    6 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
     6<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
    77    <?php $app->printHiddenSession() ?>
    88    <input type="hidden" name="lock_id" value="<?php echo $lock->getID(); ?>" />

  • trunk/services/templates/log_list.ihtml

    r153 r185  
    1 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
     1<form action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>" method="post">
    22<?php $app->printHiddenSession(false); ?>
    33

  • trunk/services/templates/login_form.ihtml

    r136 r185  
    1 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
     1<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
    22<?php $app->printHiddenSession() ?>
    33<table>

  • trunk/services/templates/password.ihtml

    r136 r185  
    11<?php $fv->printErrorMessages(); ?>
    22
    3 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
     3<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
    44<?php $app->printHiddenSession() ?>
    55<input type="hidden" name="op" value="update_password" />

  • trunk/services/templates/versions_list.ihtml

    r136 r185  
    1 <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
     1<form method="post" action="<?php echo oTxt($_SERVER['PHP_SELF']); ?>">
    22<?php $app->printHiddenSession() ?>
    33<input type="submit" name="op" value="<?php echo _("Cancel"); ?>" />
Note: See TracChangeset for help on using the changeset viewer.