[openupload-devel] Script injection vulnerability
From: Alessandro B. <ts...@br...> - 2011-09-09 10:57:09
Please update your installations with this commit / patch to avoid security concerns.

Alessandro

-------- Original Message --------
Subject: [Openupload-svn-update] SF.net SVN: openupload:[395] branches/v0.4/www/index.php
Date: Fri, 09 Sep 2011 10:54:42 +0000
From: ts...@us...
To: ope...@li...

Revision: 395
http://openupload.svn.sourceforge.net/openupload/?rev=395&view=rev
Author: tsdogs
Date: 2011-09-09 10:54:41 +0000 (Fri, 09 Sep 2011)

Log Message:
-----------
fix script injection BUG: 3406693

Modified Paths:
--------------
branches/v0.4/www/index.php

Modified: branches/v0.4/www/index.php =================================================================== --- branches/v0.4/www/index.php 2011-02-28 17:08:12 UTC (rev 394) +++ branches/v0.4/www/index.php 2011-09-09 10:54:41 UTC (rev 395) @@ -54,6 +54,12 @@ } else { $step = ''; } + + /* sanitize the user input a bit more */ +$action = htmlentities($action); +$step = htmlentities($step); +if (!is_numeric($step)) $step = 1; + $configfile = 'config.inc.php'; if (defined('__NOT_MAIN_SCRIPT')) $configfile = 'www/'.$configfile;
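
Review bot: the added `$action = htmlentities($action);` encodes once at input time and with default flags, which leave single quotes untouched, so it only covers output contexts that are HTML text or double-quoted attributes. I would validate `$action` against the set of actions the application actually knows, and keep the escaping at the point of output with `ENT_QUOTES` and the page's charset. On the following two lines, `$step = htmlentities($step);` is made redundant by `if (!is_numeric($step)) $step = 1;`, and `is_numeric` also accepts values such as "1.5", "-2" or "1e3"; `ctype_digit` or an integer cast would be a tighter check for a step counter. Also note that the context just above sets `$step = ''` when no step is supplied, and the new check turns that empty default into 1, so any later code in index.php that tests for an empty step will no longer see one; worth confirming that this change in default is intended.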