Please update your installations with this commit / patch to avoid
security concerns.
Alessandro
-------- Original Message --------
Subject: [Openupload-svn-update] SF.net SVN: openupload:[395]
branches/v0.4/www/index.php
Date: Fri, 09 Sep 2011 10:54:42 +0000
From: ts...@us...
To: ope...@li...
Revision: 395
http://openupload.svn.sourceforge.net/openupload/?rev=395&view=rev
Author: tsdogs
Date: 2011-09-09 10:54:41 +0000 (Fri, 09 Sep 2011)
Log Message:
-----------
fix script injection BUG: 3406693
Modified Paths:
--------------
branches/v0.4/www/index.php
Modified: branches/v0.4/www/index.php
===================================================================
--- branches/v0.4/www/index.php 2011-02-28 17:08:12 UTC (rev 394)
+++ branches/v0.4/www/index.php 2011-09-09 10:54:41 UTC (rev 395)
@@ -54,6 +54,12 @@
} else {
$step = '';
}
+
+ /* sanitize the user input a bit more */
+$action = htmlentities($action);
+$step = htmlentities($step);
+if (!is_numeric($step)) $step = 1;
+
$configfile = 'config.inc.php';
if (defined('__NOT_MAIN_SCRIPT'))
$configfile = 'www/'.$configfile;
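Review bot: `if (!is_numeric($step)) $step = 1;` is a loose check for a step value: is_numeric() accepts strings such as "1e5", "-3" and "1.5", so non-integer input still passes through. A stricter test such as ctype_digit((string)$step), or an integer cast with a range check, would pin it to whole numbers. In the same hunk, the else branch just above sets `$step = '';`, which this check now always turns into 1, so confirm nothing later depends on the empty default. `$action = htmlentities($action);` is called without ENT_QUOTES or a charset, which on PHP before 8.1 leaves single quotes unencoded, and it escapes at input time rather than where the value is output; checking `$action` against an allow-list of the actions the script supports and escaping at the point of output would be more robust. `$step = htmlentities($step);` is redundant once the numeric check follows it.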