Navigation

← Previous Changeset
Next Changeset →

Changeset 431

Timestamp:

05/20/06 15:52:02 (2 years ago)

Author:

Rickard

Message:

Fixed XSS vulnerability involving "redirect_url".

Files:

trunk/upload/login.php (modified) (1 diff)
trunk/upload/misc.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/upload/login.php

r257	r431
79	79	pun_setcookie($user_id, $form_password_hash, $expire);
80	80
81		redirect(~~$_POST['redirect_url']~~, $lang_login['Login redirect']);
	81	redirect(htmlspecialchars($_POST['redirect_url']), $lang_login['Login redirect']);
82	82	}
83	83

trunk/upload/misc.php

r205	r431
121	121	pun_mail($recipient_email, $mail_subject, $mail_message, '"'.str_replace('"', '', $pun_user['username']).'" <'.$pun_user['email'].'>');
122	122
123		redirect(~~$_POST['redirect_url']~~, $lang_misc['E-mail sent redirect']);
	123	redirect(htmlspecialchars($_POST['redirect_url']), $lang_misc['E-mail sent redirect']);
124	124	}
125	125

Download in other formats: