Update of /cvsroot/php-blog/serendipity
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23607
Modified Files:
Tag: branch-0-7
NEWS serendipity_layout.inc.php
serendipity_layout_table.inc.php
Log Message:
Fixed XSS Vulnerability.
Should we release a 0.7.1?
Index: serendipity_layout.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/Attic/serendipity_layout.inc.php,v
retrieving revision 1.9
retrieving revision 1.9.8.1
diff -u -d -r1.9 -r1.9.8.1
--- serendipity_layout.inc.php 21 Mar 2004 16:35:32 -0000 1.9
+++ serendipity_layout.inc.php 1 Dec 2004 13:56:29 -0000 1.9.8.1
@@ -66,10 +66,10 @@
}
if ($r === true) {
- echo sprintf(NO_ENTRIES_BLAHBLAH, $serendipity['GET']['searchTerm']);
+ echo sprintf(NO_ENTRIES_BLAHBLAH, strip_tags($serendipity['GET']['searchTerm']));
break;
}
- echo sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, $serendipity["GET"]["searchTerm"], count($r));
+ echo sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, strip_tags($serendipity["GET"]["searchTerm"]), count($r));
serendipity_printEntries($r);
break;
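Review bot: strip_tags() on the two added lines (and on the matching added line in serendipity_layout_table.inc.php) is not an output-encoding function: it removes markup but leaves `&`, quotes and other characters untouched, and it also discards legitimate search text from a stray `<` onward, so the user sees a mangled echo of what they typed. Because the value is being interpolated into HTML text, the conventional fix is to encode it rather than strip it, e.g. `echo sprintf(NO_ENTRIES_BLAHBLAH, htmlspecialchars($serendipity['GET']['searchTerm'], ENT_QUOTES));` and likewise `htmlspecialchars($serendipity["GET"]["searchTerm"], ENT_QUOTES)` in the YOUR_SEARCH_RETURNED_BLAHBLAH line. A short comment such as `// searchTerm is user input; always HTML-encode before echoing` next to the first use would make the intent durable. The enclosing switch case begins before the hunk.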
Index: serendipity_layout_table.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/Attic/serendipity_layout_table.inc.php,v
retrieving revision 1.12
retrieving revision 1.12.4.1
diff -u -d -r1.12 -r1.12.4.1
--- serendipity_layout_table.inc.php 5 May 2004 11:50:24 -0000 1.12
+++ serendipity_layout_table.inc.php 1 Dec 2004 13:56:29 -0000 1.12.4.1
@@ -55,7 +55,7 @@
}
if ($r === true) {
- echo sprintf(NO_ENTRIES_BLAHBLAH, $serendipity['GET']['searchTerm']);
+ echo sprintf(NO_ENTRIES_BLAHBLAH, strip_tags($serendipity['GET']['searchTerm']));
break;
}
echo sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, $serendipity["GET"]["searchTerm"], count($r));
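Review bot: The last line of this hunk, `echo sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, $serendipity["GET"]["searchTerm"], count($r));`, is left as unchanged context, so this file still echoes the raw search term on the results path even though the same commit sanitizes that branch in serendipity_layout.inc.php. The fix should cover both echoes here as well, e.g. `echo sprintf(YOUR_SEARCH_RETURNED_BLAHBLAH, htmlspecialchars($serendipity["GET"]["searchTerm"], ENT_QUOTES), count($r));`, or at minimum the same strip_tags() treatment applied two lines above. The enclosing block continues outside the hunk.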
Index: NEWS
===================================================================
RCS file: /cvsroot/php-blog/serendipity/Attic/NEWS,v
retrieving revision 1.255
retrieving revision 1.255.2.1
diff -u -d -r1.255 -r1.255.2.1
--- NEWS 8 Nov 2004 10:44:07 -0000 1.255
+++ NEWS 1 Dec 2004 13:56:29 -0000 1.255.2.1
@@ -1,5 +1,10 @@
# $Id$
+Version 0.7.1
+------------------------------------------------------------------------
+
+ * Fixed cross site scripting vulnerability
+
Version 0.7 (November 8th, 2004)
------------------------------------------------------------------------