Project

General

Profile

« Previous | Next » 

Revision 654

Added by thorn over 16 years ago

Fixed possible XSS-vulnerability in wb/search/search.php

View differences:

trunk/CHANGELOG
11 11 
! = Update/Change
12 12 

  		




  13
  13
  
    
------------------------------------- 2.7.0 -------------------------------------


  		




  
  14
  
    
01-Feb-2008 Thomas Hornik


  		




  
  15
  
    
#	Fixed possible XSS-vulnerability in wb/search/search.php


  		




  14
  16
  
    
31-Jan-2008 Thomas Hornik


  		




  15
  17
  
    
!	Adjusted clock-red icon to match wb colors


  		




  16
  18
  
    
#	admin/pages: the parent dropdown-list in index.php and settings.php showed foreign private pages, too. Fixed.


  		












  

    
      trunk/wb/search/search.php
    
  





  70
  70
  
    
// Get the search type


  		




  71
  71
  
    
$match = 'all';


  		




  72
  72
  
    
if(isset($_REQUEST['match'])) {


  		




  73
  
  
    
	$match = $_REQUEST['match'];


  		




  
  73
  
    
	$match = $wb->add_slashes(strip_tags($_REQUEST['match']));


  		




  74
  74
  
    
}


  		




  75
  75
  
    

  		




  76
  76
  
    
// Get the path to search into. Normally left blank


  		




  ......




  83
  83
  
    
$search_path_SQL = "";


  		




  84
  84
  
    
$search_path = "";


  		




  85
  85
  
    
if(isset($_REQUEST['search_path'])) {


  		




  86
  
  
    
	$search_path = $_REQUEST['search_path'];


  		




  
  86
  
    
	$search_path = $wb->add_slashes(strip_tags($_REQUEST['search_path']));


  		




  87
  87
  
    
	if($search_path != '') {


  		




  88
  88
  
    
		$search_path_SQL = "AND ( ";


  		




  89
  89
  
    
		$not = "";


  		




  ......




  121
  121
  
    
	if ($match!='exact') {


  		




  122
  122
  
    
		$string=str_replace(',', '', $_REQUEST['string']);


  		




  123
  123
  
    
	} else {


  		




  124
  
  
    
		$string=$_REQUEST['string'];


  		




  
  124
  
    
		$string=$_REQUEST['string']; // $string will be cleaned below


  		




  125
  125
  
    
	}


  		




  126
  126
  
    
	// redo possible magic quotes


  		




  127
  127
  
    
	$string = $wb->strip_slashes($string);


  		




  128
  128
  
    
	$string = htmlspecialchars($string);


  		




  129
  129
  
    
	$search_display_string = $string;


  		




  130
  
  
    
	// simulate mysql_real_escape_string()


  		




  131
  
  
    
	$string = strtr($string, array("\x00"=>"\\\x00", "\n"=>"\\\n", "\r"=>"\\\r", '\\'=>'\\\\','\''=>'\\\'','"'=>"\\\"","\x1a"=>"\\\x1a"));


  		




  
  130
  
    
	// do really addslashes()


  		




  
  131
  
    
	$string = $wb->add_slashes($string);


  		




  132
  132
  
    
	// remove some bad chars


  		




  133
  133
  
    
	$string = preg_replace("/(^|\s+)([.])+(?=\s+|$)/", "", $string);


  		




  134
  134
  
    
	// mySQL needs four backslashes to match one in LIKE comparisons)


  		












Also available in:  Unified diff