From: Reini U. <ru...@us...> - 2002-09-09 13:41:33
Update of /cvsroot/phpwiki/phpwiki/lib
In directory usw-pr-cvs1:/tmp/cvs-serv15519/lib
Modified Files:
Request.php main.php
Log Message:
fixed sanify_userinput for arrays and typo in $user->_authhow
Index: Request.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/Request.php,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -2 -b -p -d -r1.17 -r1.18
--- Request.php 9 Sep 2002 12:14:37 -0000 1.17
+++ Request.php 9 Sep 2002 13:41:29 -0000 1.18
@@ -216,5 +216,12 @@ class Request {
 // <script> tags, ...
 // /wiki/?pagename=<script>alert(document.cookie)</script>
+ if (is_string($var)) {
 return htmlentities(strip_tags($var));
+ } elseif (is_array($var)) {
+ $this->sanify_input_array($var);
+ return $var;
+ } else {
+ return $var;
+ }
 }
 }
Index: main.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/main.php,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -2 -b -p -d -r1.72 -r1.73
--- main.php 30 Aug 2002 21:36:37 -0000 1.72
+++ main.php 9 Sep 2002 13:41:30 -0000 1.73
@@ -421,5 +421,5 @@ class WikiRequest extends Request {
 if ($userid = $this->getSessionVar('wiki_user')) {
 if (!empty($this->_user))
- $this->_user->authhow = 'session';
+ $this->_user->_authhow = 'session';
 return $userid;
 }
|
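Review bot: The new array branch in Request.php returns `$var` straight after `$this->sanify_input_array($var);`, so the nested values are only escaped if that method takes its argument by reference; its definition is not in this hunk, and with a by-value signature the array would be handed back untouched. A short comment on that line would make the dependency visible, e.g. `// sanify_input_array() modifies $var in place (by-reference parameter)`. Separately, `htmlentities(strip_tags($var))` is called without a quote flag, which in PHP versions of this era leaves single quotes unencoded, so a value echoed into a single-quoted HTML attribute is still not safe; `return htmlentities(strip_tags($var), ENT_QUOTES);` closes that gap. The enclosing function starts above the hunk, so whether array keys are also sanitized cannot be checked here.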