phpBMS

Timestamp:
01/01/10 23:10:02 (2 years ago)
Author:
brieb
Message:
  • Fixed several SQL injection vulnerabilities
  • Fixed several XSS vulnerabilities due to PHP_SELF and REQUEST_URI
  • Fixed several path disclosure errors
Files:
1 modified

  • trunk/phpbms/modules/bms/clients_addresses.php

    r702 r704  
    157157                //record offset? 
    158158                if(isset($_POST["offset"])) if($_POST["offset"]!="") $displayTable->recordoffset=$_POST["offset"]; 
    159                  
     159 
    160160                $displayTable->issueQuery(); 
    161161 
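Review bot: the only change in this hunk is dropping the trailing whitespace on the blank line 159, but the unchanged context at line 158 copies `$_POST["offset"]` into `$displayTable->recordoffset` with no integer cast or validation. Since this changeset is meant to close SQL injection paths, confirm that `issueQuery()` casts or escapes `recordoffset` before it is used in the query, or cast it at the assignment, e.g. `$displayTable->recordoffset = (int)$_POST["offset"];`.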
     
    171171                        <h1 id="h1Title"><?php echo $pageTitle?></h1> 
    172172 
    173                         <form name="search" id="search" action="<?php echo str_replace("&", "&amp;" ,$_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;"> 
     173                        <form name="search" id="search" action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" onsubmit="setSelIDs(this);return true;"> 
    174174                        <input name="command" id="reset" type="submit"/> 
    175175                        <input name="theids" id="theids" type="hidden"  /> 
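Review bot: `htmlentities($_SERVER["REQUEST_URI"])` at line 173 is called with default flags and no explicit charset. The old `str_replace("&", "&amp;", ...)` left `"` unencoded, which is what allowed breaking out of the double-quoted `action` attribute; the default `ENT_COMPAT` behaviour of `htmlentities` does encode `"`, so the fix holds for this attribute, but passing `ENT_QUOTES` and a charset (e.g. `htmlentities($_SERVER["REQUEST_URI"], ENT_QUOTES, "UTF-8")`) makes it safe for single-quoted attributes elsewhere and for malformed multibyte input. Posting the form to a fixed script path instead of echoing the request URI would remove the reflected value from the page altogether.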
phpBMS vulnerability assessment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.