
Timestamp:
01/01/10 23:10:02 (2 years ago)
Author:
brieb
Message:
  • Fixed several SQL injection vulnerabilities
  • Fixed several XSS vulnerabilities due to PHP_SELF and REQUEST_URI
  • Fixed several path disclosure errors
Files:
1 modified

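--- a/trunk/phpbms/modules/base/attachments_records.php
+++ b/trunk/phpbms/modules/base/attachments_records.php
@@ -80,5 +80,5 @@
                 $_POST["startnum"]=1;
         } elseif($_POST["desc"]!="")  $displayTable->querysortorder.=" DESC";
-        
+
         //record offset?
         if(isset($_POST["offset"])) if($_POST["offset"]!="") $displayTable->recordoffset=$_POST["offset"];
@@ -94,5 +94,5 @@
         <h1><?php echo $pageTitle ?></h1>
         <div>
-                <form name="search" id="search" action="<?php echo $_SERVER["REQUEST_URI"]?>" method="post" onsubmit="setSelIDs(this);return true;">
+                <form name="search" id="search" action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;">
                 <input name="theids" type="hidden" value="" />
                 <?php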
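Review bot: `htmlentities()` on the new line 96 is called with default flags, which on PHP releases before 8.1 leave single quotes unencoded, so the fix holds only as long as the `action` attribute stays double-quoted; make the contract explicit with `action="<?php echo htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES, 'UTF-8') ?>"`, or drop the `action` attribute entirely, since an empty action submits to the current URL and avoids echoing request input into markup at all. On the unchanged line 84, `$_POST["offset"]` is copied into `$displayTable->recordoffset` without a cast; if that property later lands in a LIMIT clause (not visible in this section), `(int)$_POST["offset"]` would close the kind of gap the commit message describes. Both hunks sit inside PHP/HTML that opens and closes outside the section.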
phpBMS vulnerability assessment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.