Revision 1385
Added by FrankH about 14 years ago
- Security fix to filter out droplets from user input in news and form modules
branches/2.8.x/CHANGELOG | ||
11 | 11 |
! = Update/Change |
12 | 12 |
|
13 | 13 |
------------------------------------- 2.8.2 ------------------------------------- |
14 |
16 Jan-2011 Build 1385 Frank Heyne (FrankH) |
|
15 |
# Security fix to filter out droplets from user input in news and form modules |
|
14 | 16 |
16 Jan-2011 Build 1384 Dietmar Woellbrink (Luisehahne) |
15 | 17 |
! Security fix in admin/pages |
16 | 18 |
15 Jan-2011 Build 1383 Frank Heyne (FrankH) |
branches/2.8.x/wb/admin/interface/version.php | ||
52 | 52 |
|
53 | 53 |
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) |
54 | 54 |
if(!defined('VERSION')) define('VERSION', '2.8.2.RC4'); |
55 |
if(!defined('REVISION')) define('REVISION', '1384');
|
|
55 |
if(!defined('REVISION')) define('REVISION', '1385');
|
|
56 | 56 |
|
57 | 57 |
?> |
branches/2.8.x/wb/modules/form/view.php | ||
325 | 325 |
// Add to message body |
326 | 326 |
if($field['type'] != '') { |
327 | 327 |
if(!empty($_POST['field'.$field['field_id']])) { |
328 |
// do not allow droplets in user input! |
|
328 | 329 |
if (is_array($_POST['field'.$field['field_id']])) { |
329 |
$_SESSION['field'.$field['field_id']] = $_POST['field'.$field['field_id']];
|
|
330 |
$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("[[", "]]"), $_POST['field'.$field['field_id']]);
|
|
330 | 331 |
} else { |
331 |
$_SESSION['field'.$field['field_id']] = htmlspecialchars($_POST['field'.$field['field_id']]);
|
|
332 |
$_SESSION['field'.$field['field_id']] = str_replace(array("[[", "]]"), array("[[", "]]"), htmlspecialchars($_POST['field'.$field['field_id']]));
|
|
332 | 333 |
} |
333 | 334 |
// if the output filter is active, we need to revert (dot) to . and (at) to @ (using current filter settings) |
334 | 335 |
// otherwise the entered mail will not be accepted and the recipient would see (dot), (at) etc. |
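Review bot: As rendered here the new str_replace() calls on lines 330 and 332 map `[[` to `[[` and `]]` to `]]`, so the droplet markers are written to $_SESSION unchanged and the filter is a no-op; the same search/replace pair appears in branches/2.8.x/wb/modules/news/save_comment.php. If the checked-in source actually substitutes entity-encoded brackets (this page may have decoded them on display), that should be confirmed in the repository; otherwise the replacement needs a target the droplet parser will not recognise, for example `str_replace(array("[[", "]]"), array("&#91;&#91;", "&#93;&#93;"), ...)`. The array branch on line 330 also still stores the raw $_POST values without htmlspecialchars(), as the old line did, so array-valued fields remain unescaped in the session. The enclosing if/else on $field begins and ends outside the hunk.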
branches/2.8.x/wb/modules/news/save_comment.php | ||
51 | 51 |
$title = strip_tags($admin->get_post_escaped('title')); |
52 | 52 |
$comment = strip_tags($admin->get_post_escaped('comment')); |
53 | 53 |
$post_id = $admin->getIDKEY($admin->get_post('post_id')); |
54 |
|
|
55 |
// do not allow droplets in user input! |
|
56 |
$title = str_replace(array("[[", "]]"), array("[[", "]]"), $title); |
|
57 |
$comment = str_replace(array("[[", "]]"), array("[[", "]]"), $comment); |
|
54 | 58 |
} |
55 | 59 |
|
56 | 60 |
// Update row |
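Review bot: The droplet-marker search/replace pair on lines 56 and 57 is the third copy of the same literal array in this commit (two more in branches/2.8.x/wb/modules/form/view.php), so any later change to the droplet syntax or to the substitute text has to be repeated in three places. A single shared helper, e.g. `filter_droplets($value)` in a common include, called from both modules would keep the filter consistent, and its header comment should state what the substitute text is meant to stop the droplet parser from matching. The closing brace on line 58 belongs to a block that starts outside the hunk.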