Changeset 704 for trunk/phpbms/modules/base/modules_view.php

Timestamp:

01/01/10 23:10:02 (2 years ago)

Author:

brieb

Message:

• Fixed several SQL injection vulnerabilities
• Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI
• Fixed severa path disclosure errors

Files:

• trunk/phpbms/modules/base/modules_view.php (modified) (1 diff)

trunk/phpbms/modules/base/modules_view.php

@@ -65 +65 @@
 
 <div class="bodyline">
-<form action="<?php echo $_SERVER["PHP_SELF"] ?>" method="post" name="record" onsubmit="return validateForm(this);">
+<form action="<?php echo htmlentities($_SERVER["PHP_SELF"]) ?>" method="post" name="record" onsubmit="return validateForm(this);">
         <h1 id="topTitle"><span><?php echo $pageTitle ?></span></h1>