37 lines
1.7 KiB
Plaintext
37 lines
1.7 KiB
Plaintext
"Get rid of very contrived local-user XSS - can't be triggered from external"
|
|
from upstream CVS
|
|
|
|
$OpenBSD: patch-apc_php,v 1.1 2008/12/20 01:06:50 sthen Exp $
|
|
--- apc.php.orig Thu May 15 02:45:28 2008
|
|
+++ apc.php Fri Dec 19 19:29:50 2008
|
|
@@ -59,7 +59,7 @@ function defaults($d,$v) {
|
|
|
|
// rewrite $PHP_SELF to block XSS attacks
|
|
//
|
|
-$PHP_SELF= isset($_SERVER['PHP_SELF']) ? htmlentities(strip_tags($_SERVER['PHP_SELF'],''), ENT_QUOTES) : '';
|
|
+$PHP_SELF= isset($_SERVER['PHP_SELF']) ? htmlentities(strip_tags($_SERVER['PHP_SELF'],''), ENT_QUOTES, 'UTF-8') : '';
|
|
$time = time();
|
|
$host = getenv('HOSTNAME');
|
|
if($host) { $host = '('.$host.')'; }
|
|
@@ -1078,7 +1078,7 @@ EOB;
|
|
}
|
|
if (!$AUTHENTICATED) {
|
|
// hide all path entries if not logged in
|
|
- $list[$k.$entry[$fieldname]]=preg_replace('/^.*(\\/|\\\\)/','<i><hidden></i>/',$entry);
|
|
+ $list[$k.$entry[$fieldname]]=preg_replace('/^.*(\\/|\\\\)/','*hidden*/',$entry);
|
|
} else {
|
|
$list[$k.$entry[$fieldname]]=$entry;
|
|
}
|
|
@@ -1097,9 +1097,10 @@ EOB;
|
|
$i=0;
|
|
foreach($list as $k => $entry) {
|
|
if(!$MYREQUEST['SEARCH'] || preg_match($MYREQUEST['SEARCH'], $entry[$fieldname]) != 0) {
|
|
+ $field_value = htmlentities(strip_tags($entry[$fieldname],''), ENT_QUOTES, 'UTF-8');
|
|
echo
|
|
'<tr class=tr-',$i%2,'>',
|
|
- "<td class=td-0><a href=\"$MY_SELF&OB=",$MYREQUEST['OB'],"&SH=",md5($entry[$fieldkey]),"\">",$entry[$fieldname],'</a></td>',
|
|
+ "<td class=td-0><a href=\"$MY_SELF&OB=",$MYREQUEST['OB'],"&SH=",md5($entry[$fieldkey]),"\">",$field_value,'</a></td>',
|
|
'<td class="td-n center">',$entry['num_hits'],'</td>',
|
|
'<td class="td-n right">',$entry['mem_size'],'</td>',
|
|
'<td class="td-n center">',date(DATE_FORMAT,$entry['access_time']),'</td>',
|