[Phplib-commit] CVS: php-lib/php crcloginform.ihtml,1.5,1.6 crloginform.ihtml,1.4,1.5 loginform.ihtm
From: Richard A. <ric...@us...> - 2001-08-29 07:26:49
Update of /cvsroot/phplib/php-lib/php In directory usw-pr-cvs1:/tmp/cvs-serv22170 Modified Files: crcloginform.ihtml crloginform.ihtml loginform.ihtml perminvalid.ihtml registerform.ihtml Log Message: Changes to prevent cross-site scripting attacks: Encode dangerous characters in session URLs Pass user input through htmlentities before output Index: crcloginform.ihtml =================================================================== RCS file: /cvsroot/phplib/php-lib/php/crcloginform.ihtml,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** crcloginform.ihtml 1999/12/09 10:48:57 1.5 --- crcloginform.ihtml 2001/08/29 07:26:44 1.6 *************** *** 61,65 **** <tr valign=top align=left> <td>Username:</td> ! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? $this->auth["uname"] : "" ) ?>" size=32 maxlength=32></td> </tr> --- 61,65 ---- <tr valign=top align=left> <td>Username:</td> ! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? htmlentities($this->auth["uname"]) : "" ) ?>" size=32 maxlength=32></td> </tr> Index: crloginform.ihtml =================================================================== RCS file: /cvsroot/phplib/php-lib/php/crloginform.ihtml,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** crloginform.ihtml 1999/10/29 13:55:13 1.4 --- crloginform.ihtml 2001/08/29 07:26:44 1.5 *************** *** 53,57 **** <tr valign=top align=left> <td>Username:</td> ! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? $this->auth["uname"] : "" ) ?>" size=32 maxlength=32></td> </tr> --- 53,57 ---- <tr valign=top align=left> <td>Username:</td> ! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? 
htmlentities($this->auth["uname"]) : "" ) ?>" size=32 maxlength=32></td> </tr> Index: loginform.ihtml =================================================================== RCS file: /cvsroot/phplib/php-lib/php/loginform.ihtml,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** loginform.ihtml 1999/10/29 11:18:40 1.3 --- loginform.ihtml 2001/08/29 07:26:44 1.4 *************** *** 23,27 **** <td>Username:</td> <td><input type="text" name="username" ! value="<?php if (isset($this->auth["uname"])) print $this->auth["uname"] ?>" size=32 maxlength=32></td> </tr> --- 23,27 ---- <td>Username:</td> <td><input type="text" name="username" ! value="<?php if (isset($this->auth["uname"])) print htmlentities($this->auth["uname"]) ?>" size=32 maxlength=32></td> </tr> Index: perminvalid.ihtml =================================================================== RCS file: /cvsroot/phplib/php-lib/php/perminvalid.ihtml,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** perminvalid.ihtml 1999/04/27 18:04:43 1.2 --- perminvalid.ihtml 2001/08/29 07:26:44 1.3 *************** *** 10,14 **** with a user id of <b><?php print $auth->auth["uid"] ?></b> and a user name of <b><?php ! print isset($auth->auth["uname"]) ? $auth->auth["uname"] : "(unknown)"; ?></b>.<p> --- 10,14 ---- with a user id of <b><?php print $auth->auth["uid"] ?></b> and a user name of <b><?php ! print isset($auth->auth["uname"]) ? htmlentities($auth->auth["uname"]) : "(unknown)"; ?></b>.<p> Index: registerform.ihtml =================================================================== RCS file: /cvsroot/phplib/php-lib/php/registerform.ihtml,v retrieving revision 1.2 retrieving revision 1.3 diff -C2 -d -r1.2 -r1.3 *** registerform.ihtml 1999/10/29 11:18:40 1.2 --- registerform.ihtml 2001/08/29 07:26:44 1.3 *************** *** 23,27 **** <tr valign=top align=left> <td>Username:</td> ! 
<td><input type="text" name="username" value="<?php print $auth->auth["uname"] ?>" size=32 maxlength=32></td> </tr> <tr valign=top align=left> --- 23,27 ---- <tr valign=top align=left> <td>Username:</td> ! <td><input type="text" name="username" value="<?php print htmlentities($auth->auth["uname"]) ?>" size=32 maxlength=32></td> </tr> <tr valign=top align=left> |
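Review bot: in the three login-form hunks (crcloginform.ihtml, crloginform.ihtml, loginform.ihtml) htmlentities() is called with no flags argument, which in the PHP versions this code targets means ENT_COMPAT: double quotes are encoded, single quotes are not. That is enough here only because every value attribute is double-quoted, as in value="<?php print ... ?>". Passing ENT_QUOTES as the second argument would keep the output safe if a template is later switched to single-quoted attributes.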
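Review bot: in the perminvalid.ihtml hunk the context line just above the change still prints $auth->auth["uid"] unencoded inside <b>...</b>, while the uname printed right after it is now passed through htmlentities(). If uid can ever carry user-influenced data it should get the same encoding, so that both values on this page are treated consistently.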
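Review bot: in the registerform.ihtml hunk the new line calls htmlentities($auth->auth["uname"]) without an isset() guard, unlike the login-form hunks, which test isset($this->auth["uname"]) before printing. Suggest the same pattern here, (isset($auth->auth["uname"]) ? htmlentities($auth->auth["uname"]) : ""), so an unset uname gives an empty field rather than an undefined-index notice in the value attribute.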