Commit 87fb228b0a36a68da0d55e537066ef62853bfb17
1 parent
c1ccd412
Type: Functionality change
Description: Adds XSS attack prevention. Behaviour before fix: an XSS attack could be performed against login.php. Behaviour after fix: the tested XSS attacks no longer succeed. Credit: Thanks to Jonathan E. Hawkins for pointing out this bug. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@2824 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
4 additions
and
3 deletions
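--- a/presentation/login.php
+++ b/presentation/login.php
@@ -2,6 +2,7 @@
 
 // main library routines and defaults
 require_once("../config/dmsDefaults.php");
+require_once("../lib/sanitize.inc");
 /**
 * $Id$
 *
@@ -69,7 +70,7 @@ if ($loginAction == "loginForm") {
 <form name=\"loginForm\" action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"post\">
 <tr><td>Please enter your details below to login</td></tr>
 <tr><td></td></tr>
-<tr><td><font color=\"red\">" . urldecode($errorMessage) . "</font><tr><td>
+<tr><td><font color=\"red\">" . sanitize($errorMessage) . "</font><tr><td>
 \t<tr><td>Username:</td></tr>
 \t<tr><td><input type=\"text\" name=\"fUserName\" size=\"35\"></td></tr>
 \t<tr><td>Password:</td></tr>
@@ -111,7 +112,7 @@ if ($loginAction == "loginForm") {
 
 // check for a location to forward to
 if (isset($redirect) && strlen(trim($redirect))>0) {
-$redirect = urldecode($redirect);
+$redirect = sanitize($redirect);
 // remove any params from redirect before looking up from sitemap
 if (strstr($redirect, "?")) {
 $queryString = substr($redirect, strpos($redirect, "?")+1, strlen($redirect));
@@ -162,4 +163,4 @@ if ($loginAction == "loginForm") {
 // redirect to root
 redirect($default->rootUrl);
 }
-?>
\ No newline at end of file
+?>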
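Review bot: The form action in the second hunk still interpolates `$_SERVER["PHP_SELF"]` into the HTML unescaped, which is a reflected-XSS sink of the same kind this commit closes for `$errorMessage`, because PHP_SELF can carry attacker-supplied path-info appended to the script URL. Escaping it the same way as the message would close that, e.g. `action=\"" . sanitize($_SERVER["PHP_SELF"]) . "\"`, or `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES)` if sanitize() is not attribute-safe; sanitize.inc is not shown here, so which escaping it performs should be confirmed. In the third hunk `$redirect` is HTML-sanitized but is used as a URL fed to the redirect lookup rather than rendered, so this does not by itself restrict where the user is sent; if the sitemap lookup is what constrains targets, a one-line comment saying so would help, and dropping the urldecode() call may change what `strstr($redirect, "?")` sees for URL-encoded values. Both hunks sit inside the `if ($loginAction == "loginForm")` block, whose start and end lie outside the hunks.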