[Phplib-commit] CVS: php-lib/php crcloginform.ihtml,1.5,1.6 crloginform.ihtml,1.4,1.5 loginform.ihtm
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-commit] CVS: php-lib/php crcloginform.ihtml,1.5,1.6 crloginform.ihtml,1.4,1.5 loginform.ihtml,1.3,1.4 perminvalid.ihtml,1.2,1.3 registerform.ihtml,1.2,1.3
|
From: Richard A. <ric...@us...> - 2001-08-29 07:26:49
|
Update of /cvsroot/phplib/php-lib/php
In directory usw-pr-cvs1:/tmp/cvs-serv22170
Modified Files:
crcloginform.ihtml crloginform.ihtml loginform.ihtml
perminvalid.ihtml registerform.ihtml
Log Message:
Changes to prevent cross-site scripting attacks:
Encode dangerous characters in session URLs
Pass user input through htmlentities before output
Index: crcloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/crcloginform.ihtml,v
retrieving revision 1.5
retrieving revision 1.6
diff -C2 -d -r1.5 -r1.6
*** crcloginform.ihtml 1999/12/09 10:48:57 1.5
--- crcloginform.ihtml 2001/08/29 07:26:44 1.6
***************
*** 61,65 ****
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? $this->auth["uname"] : "" ) ?>" size=32 maxlength=32></td>
</tr>
--- 61,65 ----
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? htmlentities($this->auth["uname"]) : "" ) ?>" size=32 maxlength=32></td>
</tr>
Index: crloginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/crloginform.ihtml,v
retrieving revision 1.4
retrieving revision 1.5
diff -C2 -d -r1.4 -r1.5
*** crloginform.ihtml 1999/10/29 13:55:13 1.4
--- crloginform.ihtml 2001/08/29 07:26:44 1.5
***************
*** 53,57 ****
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? $this->auth["uname"] : "" ) ?>" size=32 maxlength=32></td>
</tr>
--- 53,57 ----
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print (isset($this->auth["uname"]) ? htmlentities($this->auth["uname"]) : "" ) ?>" size=32 maxlength=32></td>
</tr>
Index: loginform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/loginform.ihtml,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** loginform.ihtml 1999/10/29 11:18:40 1.3
--- loginform.ihtml 2001/08/29 07:26:44 1.4
***************
*** 23,27 ****
<td>Username:</td>
<td><input type="text" name="username"
! value="<?php if (isset($this->auth["uname"])) print $this->auth["uname"] ?>"
size=32 maxlength=32></td>
</tr>
--- 23,27 ----
<td>Username:</td>
<td><input type="text" name="username"
! value="<?php if (isset($this->auth["uname"])) print htmlentities($this->auth["uname"]) ?>"
size=32 maxlength=32></td>
</tr>
Index: perminvalid.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/perminvalid.ihtml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** perminvalid.ihtml 1999/04/27 18:04:43 1.2
--- perminvalid.ihtml 2001/08/29 07:26:44 1.3
***************
*** 10,14 ****
with a user id of <b><?php print $auth->auth["uid"] ?></b> and a user
name of <b><?php
! print isset($auth->auth["uname"]) ? $auth->auth["uname"] : "(unknown)";
?></b>.<p>
--- 10,14 ----
with a user id of <b><?php print $auth->auth["uid"] ?></b> and a user
name of <b><?php
! print isset($auth->auth["uname"]) ? htmlentities($auth->auth["uname"]) : "(unknown)";
?></b>.<p>
Index: registerform.ihtml
===================================================================
RCS file: /cvsroot/phplib/php-lib/php/registerform.ihtml,v
retrieving revision 1.2
retrieving revision 1.3
diff -C2 -d -r1.2 -r1.3
*** registerform.ihtml 1999/10/29 11:18:40 1.2
--- registerform.ihtml 2001/08/29 07:26:44 1.3
***************
*** 23,27 ****
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print $auth->auth["uname"] ?>" size=32 maxlength=32></td>
</tr>
<tr valign=top align=left>
--- 23,27 ----
<tr valign=top align=left>
<td>Username:</td>
! <td><input type="text" name="username" value="<?php print htmlentities($auth->auth["uname"]) ?>" size=32 maxlength=32></td>
</tr>
<tr valign=top align=left>
|