[Linpha-cvs] linpha viewer.php, 1.41, 1.42 ChangeLog, 1.1278, 1.1279 new_images.php, 1.32, 1.33
From: bzrudi <bz...@us...> - 2008-04-15 08:39:18
Update of /cvsroot/linpha/linpha In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19204 Modified Files: viewer.php ChangeLog new_images.php Log Message: more XSS prevention fixes Index: new_images.php =================================================================== RCS file: /cvsroot/linpha/linpha/new_images.php,v retrieving revision 1.32 retrieving revision 1.33 diff -C2 -d -r1.32 -r1.33 *** new_images.php 14 Apr 2008 10:16:08 -0000 1.32 --- new_images.php 15 Apr 2008 08:39:14 -0000 1.33 *************** *** 35,42 **** * XSS check */ ! $numeric_test = array('pn'); xss_security_check($numeric_test, 'int'); ! $string_test = array('order'); xss_security_check($string_test, 'string'); --- 35,42 ---- * XSS check */ ! $numeric_test = array('pn', 'imgid', 'exif'); xss_security_check($numeric_test, 'int'); ! $string_test = array('order', 'view'); xss_security_check($string_test, 'string'); Index: viewer.php =================================================================== RCS file: /cvsroot/linpha/linpha/viewer.php,v retrieving revision 1.41 retrieving revision 1.42 diff -C2 -d -r1.41 -r1.42 *** viewer.php 16 Jan 2008 17:42:20 -0000 1.41 --- viewer.php 15 Apr 2008 08:39:14 -0000 1.42 *************** *** 25,29 **** * here, as albid and friends always are expected to be numeric */ ! $numeric_test = array('albid', 'stage', 'imgid', 'pn'); xss_security_check($numeric_test, 'int'); --- 25,29 ---- * here, as albid and friends always are expected to be numeric */ ! 
$numeric_test = array('albid', 'stage', 'imgid', 'pn', 'exif', 'ref_imgid'); xss_security_check($numeric_test, 'int'); Index: ChangeLog =================================================================== RCS file: /cvsroot/linpha/linpha/ChangeLog,v retrieving revision 1.1278 retrieving revision 1.1279 diff -C2 -d -r1.1278 -r1.1279 *** ChangeLog 14 Apr 2008 10:08:27 -0000 1.1278 --- ChangeLog 15 Apr 2008 08:39:14 -0000 1.1279 *************** *** 1,2 **** --- 1,6 ---- + 2008-04-15 bzrudi + * metadata_editor.php: check md5sum before executing SQL query + * more XSS prevention fixes + 2008-04-14 bzrudi * login.php: fixed possible XSS (see LinPHA Bugs item #1939188) |
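Review bot: In the new_images.php hunk (lines 35-42), 'order' and 'view' are passed to xss_security_check() with the generic 'string' type, and nothing visible in the hunk says what that type accepts. If these two parameters only ever take a small fixed set of values, compare them against that set at this point, so an unexpected value is rejected outright rather than filtered. A short comment above `$string_test = array('order', 'view');` stating what the 'string' check allows would also help the next reader.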
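Review bot: In the viewer.php hunk (line 28), 'imgid', 'pn' and 'exif' are now listed by hand here and again in new_images.php, and 'exif' had to be added to both files in this same commit, which shows how easily the two lists drift apart. Consider keeping the numeric parameter names in one shared definition that both files pass to xss_security_check(), or checking every request parameter by default and listing only the exceptions. The comment above the array ("albid and friends") could also name the parameters it now covers, including 'exif' and 'ref_imgid'.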
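Review bot: In the ChangeLog hunk, the new entry "* more XSS prevention fixes" names neither the files nor the parameters touched, unlike the 2008-04-14 entry below it, which names login.php and the bug item. Suggest writing it as a viewer.php / new_images.php entry that lists the added parameters ('exif', 'ref_imgid', 'imgid', 'view'). The metadata_editor.php entry is also recorded here although that file is not among this commit's Modified Files, so it is worth confirming that change was committed separately.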