Commit 87fb228b0a36a68da0d55e537066ef62853bfb17
1 parent
c1ccd412
Type: Functionality change
Description: Includes XSS attack prevention. Behaviour before fix: XSS attack could be performed on login.php. Behaviour after fix: XSS attacks seem unsuccessful after patch. Credit: Thanks to Jonathan E. Hawkins for pointing out this bug. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@2824 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
4 additions
and
3 deletions
presentation/login.php
| @@ -2,6 +2,7 @@ | @@ -2,6 +2,7 @@ | ||
| 2 | 2 | ||
| 3 | // main library routines and defaults | 3 | // main library routines and defaults |
| 4 | require_once("../config/dmsDefaults.php"); | 4 | require_once("../config/dmsDefaults.php"); |
| 5 | +require_once("../lib/sanitize.inc"); | ||
| 5 | /** | 6 | /** |
| 6 | * $Id$ | 7 | * $Id$ |
| 7 | * | 8 | * |
| @@ -69,7 +70,7 @@ if ($loginAction == "loginForm") { | @@ -69,7 +70,7 @@ if ($loginAction == "loginForm") { | ||
| 69 | <form name=\"loginForm\" action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"post\"> | 70 | <form name=\"loginForm\" action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"post\"> |
| 70 | <tr><td>Please enter your details below to login</td></tr> | 71 | <tr><td>Please enter your details below to login</td></tr> |
| 71 | <tr><td></td></tr> | 72 | <tr><td></td></tr> |
| 72 | - <tr><td><font color=\"red\">" . urldecode($errorMessage) . "</font><tr><td> | 73 | + <tr><td><font color=\"red\">" . sanitize($errorMessage) . "</font><tr><td> |
| 73 | \t<tr><td>Username:</td></tr> | 74 | \t<tr><td>Username:</td></tr> |
| 74 | \t<tr><td><input type=\"text\" name=\"fUserName\" size=\"35\"></td></tr> | 75 | \t<tr><td><input type=\"text\" name=\"fUserName\" size=\"35\"></td></tr> |
| 75 | \t<tr><td>Password:</td></tr> | 76 | \t<tr><td>Password:</td></tr> |
| @@ -111,7 +112,7 @@ if ($loginAction == "loginForm") { | @@ -111,7 +112,7 @@ if ($loginAction == "loginForm") { | ||
| 111 | 112 | ||
| 112 | // check for a location to forward to | 113 | // check for a location to forward to |
| 113 | if (isset($redirect) && strlen(trim($redirect))>0) { | 114 | if (isset($redirect) && strlen(trim($redirect))>0) { |
| 114 | - $redirect = urldecode($redirect); | 115 | + $redirect = sanitize($redirect); |
| 115 | // remove any params from redirect before looking up from sitemap | 116 | // remove any params from redirect before looking up from sitemap |
| 116 | if (strstr($redirect, "?")) { | 117 | if (strstr($redirect, "?")) { |
| 117 | $queryString = substr($redirect, strpos($redirect, "?")+1, strlen($redirect)); | 118 | $queryString = substr($redirect, strpos($redirect, "?")+1, strlen($redirect)); |
| @@ -162,4 +163,4 @@ if ($loginAction == "loginForm") { | @@ -162,4 +163,4 @@ if ($loginAction == "loginForm") { | ||
| 162 | // redirect to root | 163 | // redirect to root |
| 163 | redirect($default->rootUrl); | 164 | redirect($default->rootUrl); |
| 164 | } | 165 | } |
| 165 | -?> | ||
| 166 | \ No newline at end of file | 166 | \ No newline at end of file |
| 167 | +?> |