diff options
author | Remi Collet <remi@remirepo.net> | 2018-03-17 08:10:16 +0100 |
---|---|---|
committer | Remi Collet <remi@remirepo.net> | 2018-03-17 08:10:16 +0100 |
commit | fc96accb1b87c262be71a9cef5201aed4b9db0d1 (patch) | |
tree | c523f2ee31688010cafe36efdfd3f9b12b3255f3 /3421ff97909c794839a731e68eb8910a8dea7cc2.patch | |
parent | b6674b0a774a10cbae4e969b9d6c15d2aa1397cb (diff) |
escape get keys to prevent possible xss CVE-2018-7563
Diffstat (limited to '3421ff97909c794839a731e68eb8910a8dea7cc2.patch')
-rw-r--r-- | 3421ff97909c794839a731e68eb8910a8dea7cc2.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/3421ff97909c794839a731e68eb8910a8dea7cc2.patch b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch new file mode 100644 index 0000000..6c39d87 --- /dev/null +++ b/3421ff97909c794839a731e68eb8910a8dea7cc2.patch @@ -0,0 +1,21 @@ +From 3421ff97909c794839a731e68eb8910a8dea7cc2 Mon Sep 17 00:00:00 2001 +From: Johan Cwiklinski <jcwiklinski@teclib.com> +Date: Thu, 1 Mar 2018 09:26:04 +0100 +Subject: [PATCH] Escape get keys to prevent possible xss + +--- + inc/html.class.php | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/inc/html.class.php b/inc/html.class.php +index a985db5250..bcf1ab4c0c 100644 +--- a/inc/html.class.php ++++ b/inc/html.class.php +@@ -4096,6 +4096,7 @@ static function printCleanArray($tab, $pad=0,$jsexpand=false) { + echo "<tr><th>KEY</th><th>=></th><th>VALUE</th></tr>"; + + foreach ($tab as $key => $val) { ++ $key = Toolbox::clean_cross_side_scripting_deep($key); + echo "<tr class='tab_bg_1'><td class='top right'>"; + echo $key; + $is_array = is_array($val); |