Update of /cvsroot/linpha/linpha
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19204
Modified Files:
viewer.php ChangeLog new_images.php
Log Message:
more XSS prevention fixes
Index: new_images.php
===================================================================
RCS file: /cvsroot/linpha/linpha/new_images.php,v
retrieving revision 1.32
retrieving revision 1.33
diff -C2 -d -r1.32 -r1.33
*** new_images.php 14 Apr 2008 10:16:08 -0000 1.32
--- new_images.php 15 Apr 2008 08:39:14 -0000 1.33
***************
*** 35,42 ****
* XSS check
*/
! $numeric_test = array('pn');
xss_security_check($numeric_test, 'int');
! $string_test = array('order');
xss_security_check($string_test, 'string');
--- 35,42 ----
* XSS check
*/
! $numeric_test = array('pn', 'imgid', 'exif');
xss_security_check($numeric_test, 'int');
! $string_test = array('order', 'view');
xss_security_check($string_test, 'string');
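Review bot: in the new $numeric_test line, 'imgid' and 'exif' are only now added here although viewer.php r1.41 already listed 'imgid', so the hand-maintained per-file parameter lists have drifted apart and the same gap can reopen in the next script that reads these request variables. Consider defining the numeric and string parameter lists once in a shared include and running xss_security_check() from there. For 'view' in the new $string_test line, the visible lines do not show what the 'string' check rejects; if 'view' only ever takes a few fixed values, comparing it against that fixed list would be tighter than a generic string check.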
Index: viewer.php
===================================================================
RCS file: /cvsroot/linpha/linpha/viewer.php,v
retrieving revision 1.41
retrieving revision 1.42
diff -C2 -d -r1.41 -r1.42
*** viewer.php 16 Jan 2008 17:42:20 -0000 1.41
--- viewer.php 15 Apr 2008 08:39:14 -0000 1.42
***************
*** 25,29 ****
* here, as albid and friends always are expected to be numeric
*/
! $numeric_test = array('albid', 'stage', 'imgid', 'pn');
xss_security_check($numeric_test, 'int');
--- 25,29 ----
* here, as albid and friends always are expected to be numeric
*/
! $numeric_test = array('albid', 'stage', 'imgid', 'pn', 'exif', 'ref_imgid');
xss_security_check($numeric_test, 'int');
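Review bot: the unchanged call xss_security_check($numeric_test, 'int'); directly after the changed array discards any return value, so the visible lines do not say whether a non-numeric 'exif' or 'ref_imgid' aborts the request or is silently rewritten before later code uses it. The comment above ("albid and friends always are expected to be numeric") should state which of the two happens and name the newly covered parameters, so a reader of viewer.php can tell that these values are safe to echo or pass on after this point.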
Index: ChangeLog
===================================================================
RCS file: /cvsroot/linpha/linpha/ChangeLog,v
retrieving revision 1.1278
retrieving revision 1.1279
diff -C2 -d -r1.1278 -r1.1279
*** ChangeLog 14 Apr 2008 10:08:27 -0000 1.1278
--- ChangeLog 15 Apr 2008 08:39:14 -0000 1.1279
***************
*** 1,2 ****
--- 1,6 ----
+ 2008-04-15 bzrudi
+ * metadata_editor.php: check md5sum before executing SQL query
+ * more XSS prevention fixes
+
2008-04-14 bzrudi
* login.php: fixed possible XSS (see LinPHA Bugs item #1939188)
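Review bot: the added entry "* more XSS prevention fixes" names neither the files nor the parameters, unlike the 2008-04-14 line below it, which names login.php and the bug item. Suggest something like "* viewer.php, new_images.php: validate exif, ref_imgid, imgid and view request parameters". The added line for metadata_editor.php also describes a change to a file that is not in this commit's Modified Files list (viewer.php, ChangeLog, new_images.php); it would be easier to audit if that entry were committed together with the metadata_editor.php change it describes.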