Rooba
/
boinc
mirror of https://github.com/BOINC/boinc.git
1
0
Fork 0
Code Issues 1 Packages Projects Releases Wiki Activity

- User web: fix XSS vulnerability, web code update recommended 

svn path=/trunk/boinc/; revision=13586
This commit is contained in:
Rytis Slatkevičius 2007-09-13 09:46:36 +00:00
parent 3838d16750
commit dd97f02834
4 changed files with 27 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
checkin_notes
View File

@ -8441,15 +8441,15 @@ David 12 Sept 2007
boinc_api.C
David 12 Sept 2007
- Manager: clean up text in system tray balloon
- Client: use dd-MMM-yyyy format for dates;
mm/dd/yyyy is ambiguous and mixed-endian
Fixes #406
- Manager: clean up text in system tray balloon
- Client: use dd-MMM-yyyy format for dates;
mm/dd/yyyy is ambiguous and mixed-endian
Fixes #406
clientgui/
BOINCTaskBar.cpp
lib/
str_util.C
clientgui/
BOINCTaskBar.cpp
lib/
str_util.C
David 13 Sept 2007
- client: restore <slot> element on GUI RPC result XML
@ -8459,3 +8459,12 @@ David 13 Sept 2007
client/
app.C
cpu_sched.C
Rytis 13 Sep 2007
- User web: fix XSS vulnerability, web code update recommended
html/
inc/util.inc
user/
forum_text_search_action.php
user_search_action.php

4
html/inc/util.inc
View File

@ -589,7 +589,7 @@ function get_int($name, $optional=false) {
if ($optional) {
return null;
} else {
error_page("missing or bad parameter: $name $x");
error_page("missing or bad parameter: $name; supplied: ".htmlspecialchars($x));
}
}
return (int)$x;
@ -602,7 +602,7 @@ function post_int($name, $optional=false) {
if ($optional) {
return null;
} else {
error_page("missing or bad parameter: $name $x");
error_page("missing or bad parameter: $name; supplied: ".htmlspecialchars($x));
}
}
return (int)$x;

9
html/user/forum_text_search_action.php
View File

@ -1,4 +1,5 @@
<?php
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
require_once("../inc/forum.inc");
require_once("../inc/time.inc");
@ -28,19 +29,19 @@ if (isset($_GET['titles'])) {
$thread = mysql_fetch_object($result);
show_thread($thread, $n+$offset+1);
$n += 1;
}
}
echo "</table>";
}
mysql_free_result($result);
if ($offset==0 && $n==0) {
echo sprintf(tr(FORUM_SEARCH_TITLES_NO),$search_string);//"No titles found containing '$search_string'";
echo sprintf(tr(FORUM_SEARCH_TITLES_NO),htmlspecialchars($search_string));//"No titles found containing '$search_string'";
}
} else if (isset($_GET['bodies'])) {
$what .= 'bodies=1';
page_head(sprintf(tr(FORUM_SEARCH_BODIES),$search_string));
page_head(sprintf(tr(FORUM_SEARCH_BODIES),htmlspecialchars($search_string)));
$q = "SELECT * FROM post ";
$q .= "LEFT JOIN thread ON post.thread = thread.id ";
$q .= "WHERE MATCH(post.content) AGAINST ('$search_string_clean') ";
@ -59,7 +60,7 @@ if (isset($_GET['titles'])) {
}
mysql_free_result($result);
if ($offset==0 && $n==0) {
echo sprintf(tr(FORUM_SEARCH_BODIES_NO),$search_string);
echo sprintf(tr(FORUM_SEARCH_BODIES_NO),htmlspecialchars($search_string));
}
}

5
html/user/user_search_action.php
View File

@ -1,4 +1,5 @@
<?php
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
require_once("../inc/db.inc");
require_once("../inc/util.inc");
@ -96,7 +97,7 @@ if (strlen($search_string)>=3) {
$n=0;
while ($user = mysql_fetch_object($result)) {
if ($n==0) {
echo "<h2>User names starting with '$search_string' $nice_name</h2>\n";
echo "<h2>User names starting with '".htmlspecialchars($search_string)."' $nice_name</h2>\n";
print_table_header($urls, $nextd);
}
show_user($user, $n+$offset+1);
@ -105,7 +106,7 @@ if (strlen($search_string)>=3) {
echo "</table>\n";
mysql_free_result($result);
if (!$n) {
echo "<h2>No user names found starting with '$search_string'</h2>\n";
echo "<h2>No user names found starting with '".htmlspecialchars($search_string)."'</h2>\n";
}
echo "<br><br>\n";