Changeset 704 for trunk/phpbms/include/search_class.php

Timestamp:

01/01/10 23:10:02 (2 years ago)

Author:

brieb

Message:

• Fixed several SQL injection vulnerabilities
• Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI
• Fixed severa path disclosure errors

Files:

• trunk/phpbms/include/search_class.php (modified) (2 diffs)

trunk/phpbms/include/search_class.php

@@ -304 +304 @@
                                  if($this->numrows==RECORD_LIMIT or $this->recordoffset!=0){
                                     //if you max the record limit or are already offsetiing get the true count
-                                        
+
                                         $truecountstatement = "
                                                 SELECT
@@ -587 +587 @@
 
                 ?>
-<form name="search" id="search" method="post" action="<?php echo $_SERVER["PHP_SELF"]?>?id=<?php echo $this->thetabledef["uuid"]?>" onsubmit="setSelIDs(this);return true;">
+<form name="search" id="search" method="post" action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>?id=<?php echo $this->thetabledef["uuid"]?>" onsubmit="setSelIDs(this);return true;">
 <input id="tabledefid" name="tabledefid" type="hidden" value="<?php echo $this->thetabledef["id"]?>" />
 <input id="theids" name="theids" type="hidden" value="" />