Update of /cvsroot/linpha/linpha
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21811
Modified Files:
new_images.php
Log Message:
fixed possible XSS (see LinPHA Bugs item #1939188)
Index: new_images.php
===================================================================
RCS file: /cvsroot/linpha/linpha/new_images.php,v
retrieving revision 1.30
retrieving revision 1.31
diff -C2 -d -r1.30 -r1.31
*** new_images.php 29 Sep 2005 20:15:51 -0000 1.30
--- new_images.php 14 Apr 2008 10:07:25 -0000 1.31
***************
*** 32,35 ****
--- 32,47 ----
}
+ /*
+ * XSS check
+ */
+ if(isset($_GET['pn']) || isset($_GET['order']))
+ {
+ $numeric_test = array('pn');
+ xss_security_check($numeric_test, 'int');
+
+ $string_test = array('order');
+ xss_security_check($string_test, 'string');
+ }
+
include_once(TOP_DIR.'/include/img_view.class.php');
$img_view = new ImgView();
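Review bot: The `order` parameter is only passed through the generic `'string'` mode of xss_security_check(), whose filtering rules are not visible in this hunk. If `order` is a sort selector with a small fixed set of values, an allow-list is stricter than pattern filtering, e.g. `if (isset($_GET['order']) && !in_array($_GET['order'], $allowed_orders, true)) { unset($_GET['order']); }`, where `$allowed_orders` is a placeholder for the page's real sort keys. The guard reads only `$_GET`, so confirm that the rest of the page never takes `pn` or `order` from `$_POST` or `$_REQUEST`, which would bypass the check. Filtering at input also does not replace `htmlspecialchars()` at the point where these values are written into HTML, which is outside the hunk. A short comment saying what xss_security_check() does on failure (abort the request, or strip and continue) would help the next reader judge the fix.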
|