authorFilip Komar <filip@mageia.org>2014-01-10 20:16:39 +0000
committerFilip Komar <filip@mageia.org>2014-01-10 20:16:39 +0000
commit4226ef6f206ce7a5d81b3f04b85d4b47937a0f0f (patch)
tree4a57df1895b89fe6ac4dcc2c534c7f4e28d691a0
parente861636e2f1c43ba899c265bcae30bbaefa2fe60 (diff)
security improved for some pages with strip_tags of
-rw-r--r--en/about/constitution/index.php6
-rw-r--r--en/downloads/get/index.php5
-rw-r--r--langs/diff.php6
-rw-r--r--langs/missing.php4
4 files changed, 12 insertions, 9 deletions
diff --git a/en/about/constitution/index.php b/en/about/constitution/index.php
index 00bcb49f9..70ae88108 100644
--- a/en/about/constitution/index.php
+++ b/en/about/constitution/index.php
@@ -34,9 +34,9 @@ _lang_load($locale, "about/constitution");
<div class="para">
<?php
include G_APP_ROOT . '/lib/php-markdown/markdown.php';
- $l = isset($_GET['l']) ? $_GET['l'] : $locale;
- if(in_array($l, array('en', 'fr', 'sl', 'tr', 'ro', 'de', 'pt-br', 'el', 'id', 'uk', 'ru', 'es'))) {
- echo Markdown(file_get_contents('mageia.org_statutes_' . $l . '.md'));
+// $l = isset($_GET['l']) ? $_GET['l'] : $locale;
+ if(in_array($locale, array('en', 'fr', 'sl', 'tr', 'ro', 'de', 'pt-br', 'el', 'id', 'uk', 'ru', 'es'))) {
+ echo Markdown(file_get_contents('mageia.org_statutes_' . $locale . '.md'));
} else {
echo Markdown(file_get_contents('mageia.org_statutes_en.md'));
}
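Review bot: The commented-out `// $l = isset($_GET['l']) ? $_GET['l'] : $locale;` on the new side should be deleted rather than kept as dead code; the removed line is already in history. The `in_array` allowlist on the next line is what actually bounds which statutes file is opened, so it is worth making that comparison strict: `if(in_array($locale, array('en', 'fr', 'sl', 'tr', 'ro', 'de', 'pt-br', 'el', 'id', 'uk', 'ru', 'es'), true)) {`. How `$locale` is derived is outside this hunk (presumably via the `_lang_load` call in the hunk header), so the allowlist still matters if that value is request-controlled.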
diff --git a/en/downloads/get/index.php b/en/downloads/get/index.php
index ca1325af3..39d7a7f56 100644
--- a/en/downloads/get/index.php
+++ b/en/downloads/get/index.php
@@ -38,7 +38,10 @@ require 'lib.php';
// request
$product = get('q');
$debug = get('d');
-$torrent = isset($_GET['torrent']) ? true : false;
+if (isset($_GET['torrent'])) {
+ $torrent = strip_tags(trim($_GET['torrent']));
+}
+$torrent = isset($torrent) ? true : false;
if (is_null($product)) {
header('Location: /downloads/');
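Review bot: The added `strip_tags(trim($_GET['torrent']))` result is never used as a value: the following line only tests `isset($torrent)`, which is true whenever the parameter was present, so the net behaviour is identical to the removed one-liner and the `strip_tags` call adds no protection. It also introduces a failure mode the old line did not have, since `trim()` on an array parameter (`?torrent[]=`) emits a warning (a TypeError on PHP 8). Because `$torrent` is only a presence flag, `$torrent = isset($_GET['torrent']);` is sufficient and the three added lines can be dropped. Whether `$torrent` is later echoed is outside this hunk.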
diff --git a/langs/diff.php b/langs/diff.php
index ccc7f6416..117d38a9e 100644
--- a/langs/diff.php
+++ b/langs/diff.php
@@ -4,8 +4,8 @@
* against matching file in language 'l', if it exists.
*/
-$source_file = isset($_GET['s']) ? trim($_GET['s']) : null;
-$target_lang = isset($_GET['l']) ? trim($_GET['l']) : null;
+$source_file = isset($_GET['s']) ? strip_tags(trim($_GET['s'])) : null;
+$target_lang = isset($_GET['l']) ? strip_tags(trim($_GET['l'])) : null;
if (is_null($source_file) ||
is_null($target_lang)) {
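Review bot: `strip_tags()` is not a meaningful guard for `$source_file` and `$target_lang` if, as their names suggest, they are later used to build a filesystem path: it only removes HTML tags and leaves `..` and `/` untouched, so it does not constrain which file is read. Validate the values against the shape they are expected to have before use, for example `if (!preg_match('/^[a-z]{2}(-[a-z]{2})?$/', $target_lang)) { $target_lang = null; }` for the language code and an equally strict pattern (or a lookup in a list of known files) for `$source_file`; HTML escaping belongs at the output point via `htmlspecialchars()`, not at input. The same pattern is applied to `$s` and `$l` in langs/missing.php in the last hunk of this commit. How these variables are used after the null check is outside this hunk.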
@@ -113,7 +113,7 @@ header('Content-Type: text/html;charset=utf-8');
</style>
</head>
<body>
- <?php echo $s; ?>
+ <?php echo $s; $test_1 = TRUE; $test = strip_tags($test_1); echo '1. test: ' . $test; ?>
<hr>
</body>
</html>
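Review bot: The new line leaves debug code in the rendered page: `$test_1 = TRUE; $test = strip_tags($test_1); echo '1. test: ' . $test;` prints `1. test: 1` to every visitor and is unrelated to the fix. Restore the line to `<?php echo $s; ?>`. Separately, if `$s` is assembled from the request-derived `$source_file`/`$target_lang` earlier in this file, those pieces should be passed through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` where they are inserted into the markup rather than relying on `strip_tags` at input; where `$s` is built is outside this hunk.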
diff --git a/langs/missing.php b/langs/missing.php
index 03b6cd698..c8f5a4705 100644
--- a/langs/missing.php
+++ b/langs/missing.php
@@ -2,8 +2,8 @@
/**
*/
-$s = isset($_GET['s']) ? trim($_GET['s']) : null;
-$l = isset($_GET['l']) ? trim($_GET['l']) : null;
+$s = isset($_GET['s']) ? strip_tags(trim($_GET['s'])) : null;
+$l = isset($_GET['l']) ? strip_tags(trim($_GET['l'])) : null;
if (is_null($s)) {
header('Location: /langs/report.php');