mirror of https://github.com/BOINC/boinc.git
- User web: fix XSS vulnerability, web code update recommended
svn path=/trunk/boinc/; revision=13586
This commit is contained in:
parent
3838d16750
commit
dd97f02834
|
@ -8441,15 +8441,15 @@ David 12 Sept 2007
|
||||||
boinc_api.C
|
boinc_api.C
|
||||||
|
|
||||||
David 12 Sept 2007
|
David 12 Sept 2007
|
||||||
- Manager: clean up text in system tray balloon
|
- Manager: clean up text in system tray balloon
|
||||||
- Client: use dd-MMM-yyyy format for dates;
|
- Client: use dd-MMM-yyyy format for dates;
|
||||||
mm/dd/yyyy is ambiguous and mixed-endian
|
mm/dd/yyyy is ambiguous and mixed-endian
|
||||||
Fixes #406
|
Fixes #406
|
||||||
|
|
||||||
clientgui/
|
clientgui/
|
||||||
BOINCTaskBar.cpp
|
BOINCTaskBar.cpp
|
||||||
lib/
|
lib/
|
||||||
str_util.C
|
str_util.C
|
||||||
|
|
||||||
David 13 Sept 2007
|
David 13 Sept 2007
|
||||||
- client: restore <slot> element on GUI RPC result XML
|
- client: restore <slot> element on GUI RPC result XML
|
||||||
|
@ -8459,3 +8459,12 @@ David 13 Sept 2007
|
||||||
client/
|
client/
|
||||||
app.C
|
app.C
|
||||||
cpu_sched.C
|
cpu_sched.C
|
||||||
|
|
||||||
|
Rytis 13 Sep 2007
|
||||||
|
- User web: fix XSS vulnerability, web code update recommended
|
||||||
|
|
||||||
|
html/
|
||||||
|
inc/util.inc
|
||||||
|
user/
|
||||||
|
forum_text_search_action.php
|
||||||
|
user_search_action.php
|
||||||
|
|
|
@ -589,7 +589,7 @@ function get_int($name, $optional=false) {
|
||||||
if ($optional) {
|
if ($optional) {
|
||||||
return null;
|
return null;
|
||||||
} else {
|
} else {
|
||||||
error_page("missing or bad parameter: $name $x");
|
error_page("missing or bad parameter: $name; supplied: ".htmlspecialchars($x));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return (int)$x;
|
return (int)$x;
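Review bot: The htmlspecialchars() wrapper on `$x` is written out verbatim here and again in the post_int hunk below, so any other caller that builds an error_page() message from request data still has to remember it; unless error_page() already escapes its argument, the more robust fix is to escape inside error_page() itself (or in one small helper both functions call) rather than at each call site. htmlspecialchars() is also invoked with its defaults, which leave single quotes unescaped and use the default charset, so `htmlspecialchars($x, ENT_QUOTES, 'UTF-8')` is the safer form if this text can ever land inside a quoted attribute. If the parameter arrives as an array (`?name[]=1`), htmlspecialchars() on a non-string raises a warning instead of producing text, which this branch does not guard against. get_int's body starts outside the hunk, so where `$x` is read is not visible here.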
|
||||||
|
@ -602,7 +602,7 @@ function post_int($name, $optional=false) {
|
||||||
if ($optional) {
|
if ($optional) {
|
||||||
return null;
|
return null;
|
||||||
} else {
|
} else {
|
||||||
error_page("missing or bad parameter: $name $x");
|
error_page("missing or bad parameter: $name; supplied: ".htmlspecialchars($x));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return (int)$x;
|
return (int)$x;
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
|
||||||
|
|
||||||
require_once("../inc/forum.inc");
|
require_once("../inc/forum.inc");
|
||||||
require_once("../inc/time.inc");
|
require_once("../inc/time.inc");
|
||||||
|
@ -28,19 +29,19 @@ if (isset($_GET['titles'])) {
|
||||||
$thread = mysql_fetch_object($result);
|
$thread = mysql_fetch_object($result);
|
||||||
show_thread($thread, $n+$offset+1);
|
show_thread($thread, $n+$offset+1);
|
||||||
$n += 1;
|
$n += 1;
|
||||||
}
|
}
|
||||||
echo "</table>";
|
echo "</table>";
|
||||||
}
|
}
|
||||||
mysql_free_result($result);
|
mysql_free_result($result);
|
||||||
|
|
||||||
if ($offset==0 && $n==0) {
|
if ($offset==0 && $n==0) {
|
||||||
echo sprintf(tr(FORUM_SEARCH_TITLES_NO),$search_string);//"No titles found containing '$search_string'";
|
echo sprintf(tr(FORUM_SEARCH_TITLES_NO),htmlspecialchars($search_string));//"No titles found containing '$search_string'";
|
||||||
}
|
}
|
||||||
|
|
||||||
} else if (isset($_GET['bodies'])) {
|
} else if (isset($_GET['bodies'])) {
|
||||||
$what .= 'bodies=1';
|
$what .= 'bodies=1';
|
||||||
|
|
||||||
page_head(sprintf(tr(FORUM_SEARCH_BODIES),$search_string));
|
page_head(sprintf(tr(FORUM_SEARCH_BODIES),htmlspecialchars($search_string)));
|
||||||
$q = "SELECT * FROM post ";
|
$q = "SELECT * FROM post ";
|
||||||
$q .= "LEFT JOIN thread ON post.thread = thread.id ";
|
$q .= "LEFT JOIN thread ON post.thread = thread.id ";
|
||||||
$q .= "WHERE MATCH(post.content) AGAINST ('$search_string_clean') ";
|
$q .= "WHERE MATCH(post.content) AGAINST ('$search_string_clean') ";
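Review bot: The escaping is applied separately at each echo/page_head call (here, and again in the -59 hunk below), which is exactly how the original XSS crept in: one missed site is enough. Computing the escaped copy once where the parameter is read, e.g. `$search_string_html = htmlspecialchars($search_string, ENT_QUOTES, 'UTF-8');`, and using it at every output site keeps the raw value for the query and the escaped value for HTML clearly separate. The SQL on the last line still interpolates `$search_string_clean` into `AGAINST ('…')`; that variable is built outside this hunk, so confirm it goes through the database escape (mysql_real_escape_string or equivalent), since htmlspecialchars() is not an SQL escape and must not be relied on for that. The enclosing if/else block starts and ends outside the hunk.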
|
||||||
|
@ -59,7 +60,7 @@ if (isset($_GET['titles'])) {
|
||||||
}
|
}
|
||||||
mysql_free_result($result);
|
mysql_free_result($result);
|
||||||
if ($offset==0 && $n==0) {
|
if ($offset==0 && $n==0) {
|
||||||
echo sprintf(tr(FORUM_SEARCH_BODIES_NO),$search_string);
|
echo sprintf(tr(FORUM_SEARCH_BODIES_NO),htmlspecialchars($search_string));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
$cvs_version_tracker[]="\$Id$"; //Generated automatically - do not edit
|
||||||
|
|
||||||
require_once("../inc/db.inc");
|
require_once("../inc/db.inc");
|
||||||
require_once("../inc/util.inc");
|
require_once("../inc/util.inc");
|
||||||
|
@ -96,7 +97,7 @@ if (strlen($search_string)>=3) {
|
||||||
$n=0;
|
$n=0;
|
||||||
while ($user = mysql_fetch_object($result)) {
|
while ($user = mysql_fetch_object($result)) {
|
||||||
if ($n==0) {
|
if ($n==0) {
|
||||||
echo "<h2>User names starting with '$search_string' $nice_name</h2>\n";
|
echo "<h2>User names starting with '".htmlspecialchars($search_string)."' $nice_name</h2>\n";
|
||||||
print_table_header($urls, $nextd);
|
print_table_header($urls, $nextd);
|
||||||
}
|
}
|
||||||
show_user($user, $n+$offset+1);
|
show_user($user, $n+$offset+1);
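Review bot: `$nice_name` is echoed into the same `<h2>` as the now-escaped `$search_string` but is left unescaped; it is assigned outside this hunk, so if it derives from a request parameter it needs the same htmlspecialchars() treatment, and if it is a fixed string a short comment saying so (`// $nice_name is a server-side literal, not user input`) would stop the next reader from wondering. The identical `htmlspecialchars($search_string)` expression recurs in the -105 hunk below; escaping once into a local such as `$search_string_html = htmlspecialchars($search_string, ENT_QUOTES, 'UTF-8');` and reusing it avoids the risk of a future output site being missed. The enclosing `if (strlen($search_string)>=3)` block starts and ends outside the hunk.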
|
||||||
|
@ -105,7 +106,7 @@ if (strlen($search_string)>=3) {
|
||||||
echo "</table>\n";
|
echo "</table>\n";
|
||||||
mysql_free_result($result);
|
mysql_free_result($result);
|
||||||
if (!$n) {
|
if (!$n) {
|
||||||
echo "<h2>No user names found starting with '$search_string'</h2>\n";
|
echo "<h2>No user names found starting with '".htmlspecialchars($search_string)."'</h2>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "<br><br>\n";
|
echo "<br><br>\n";
|
||||||
|
|