phpBMS

Changeset 704 for trunk/phpbms/index.php

Timestamp:
01/01/10 23:10:02 (2 years ago)
Author:
brieb
Message:
  • Fixed several SQL injection vulnerabilities
  • Fixed several XSS vulnerabilities due to PHP_SELF and REQUEST_URI
  • Fixed several path disclosure errors
Files:
1 modified

  • trunk/phpbms/index.php

    r702 r704  
    3838*/ 
    3939        require_once("include/session.php"); 
     40 
     41 
    4042        require_once("include/login_include.php"); 
    4143 
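Review bot: the two added lines (40 and 41) are blank; whitespace-only changes are better kept out of a commit that fixes SQL injection, XSS and path disclosure, so that the diff shows only the security-relevant edits.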
     
    5254 
    5355        }//endif 
     56 
     57 
     58        if(isset($_SESSION["userinfo"])) 
     59            goURL(DEFAULT_LOAD_PAGE); 
    5460 
    5561        $pageTitle = formatVariable(APPLICATION_NAME)." Log in"; 
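Review bot: the new redirect at lines 58-59 has no `exit` after `goURL(DEFAULT_LOAD_PAGE);`, so unless goURL() itself terminates the script, index.php continues and still renders the login page for an already-authenticated user. Either confirm goURL() calls exit after sending the Location header or add an explicit `exit;` after the call. As a style point, the surrounding code uses braces with `}//endif` comments, while this `if` has a bare single statement; matching the file's brace style would avoid a dangling-statement mistake when the block is extended later.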
     
    7480                </noscript> 
    7581 
    76                 <form name="form1" method="post" action="<?php echo $_SERVER["PHP_SELF"]?>"> 
     82                <form name="form1" method="post" action="<?php echo htmlentities($_SERVER["PHP_SELF"])?>"> 
    7783 
    7884                        <p> 
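Review bot: at line 82, `htmlentities($_SERVER["PHP_SELF"])` is called with the default flags, which encode double quotes but leave single quotes untouched; that is adequate only because the `action` attribute is double-quoted, and it silently breaks if the quoting is ever changed. Prefer `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8")` so the encoding does not depend on the attribute's quoting or the server's default charset. Better still, since the form posts back to the same script, `action=""` (or a fixed, known path) removes the reflected value entirely rather than escaping it.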