Commit 4b735f6d8940f67d836c53c4362088dedb4d0e42

Authored by andrew
1 parent b0c4d672

Removed some more potential XSS problems.


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@2826 c91229c3-7414-0410-bfa2-8a42b809f60b
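--- a/presentation/lookAndFeel/knowledgeTree/create.php
+++ b/presentation/lookAndFeel/knowledgeTree/create.php
@@ -98,7 +98,7 @@ if ($oObject->create()) {
 
 //redirect the user
 if (isset($fRedirectURL)) {
-redirect(urldecode($fRedirectURL) . $oObject->iId . "&fSuccess=" . $bSuccess);
+redirect(strip_tags(urldecode($fRedirectURL)) . $oObject->iId . "&fSuccess=" . $bSuccess);
 } else {
 redirect("$default->rootUrl/control.php");
 }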
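Review bot: `strip_tags()` on line 101 filters HTML markup, but the value goes to `redirect()`, so the destination is still whatever the request supplied: an absolute URL to another host passes through unchanged, and so do any CR/LF characters that `urldecode()` produces. `redirect()` is not visible here, so the actual impact depends on how it emits the target, but the check belongs on the destination rather than on tags. Assuming legitimate targets are built from `$default->rootUrl`, the condition could send anything else to the existing `control.php` branch: `if (isset($fRedirectURL) && strpos(urldecode($fRedirectURL), "$default->rootUrl/") === 0) {`. The same applies to `redirect(strip_tags(urldecode($fReturnURL)))` on line 45 of store.php. The enclosing `if ($oObject->create())` block starts outside this hunk.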
presentation/lookAndFeel/knowledgeTree/store.php
@@ -42,6 +42,6 @@ if (count($_POST) > 0) { @@ -42,6 +42,6 @@ if (count($_POST) > 0) {
42 $sql = $default->db; 42 $sql = $default->db;
43 $sql->query($aQueries[$i]); 43 $sql->query($aQueries[$i]);
44 } 44 }
45 - redirect(urldecode($fReturnURL)); 45 + redirect(strip_tags(urldecode($fReturnURL)));
46 } 46 }
47 -?>  
48 \ No newline at end of file 47 \ No newline at end of file
  48 +?>
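Review bot: Lines 42–43 pass `$aQueries[$i]` straight to `$sql->query()` inside a block gated only on `count($_POST) > 0`, and nothing in this section shows how `$aQueries` is assembled. If any part of those statements is derived from the POST body, that is a larger exposure than the return URL this commit filters, and it runs before the redirect is reached. The loop and the `if (count($_POST) > 0)` block both start outside the hunk, so this needs checking in the code above it. Until that is confirmed, a marker at the loop would help the next reader: `// TODO(security): confirm $aQueries contains no unescaped request data before query()`.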