Changeset 704 for trunk/phpbms/modules/bms/clients_credit.php

Timestamp:

01/01/10 23:10:02 (2 years ago)

Author:

brieb

Message:

• Fixed several SQL injection vulnerabilities
• Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI
• Fixed severa path disclosure errors

Files:

• trunk/phpbms/modules/bms/clients_credit.php (modified) (1 diff)

trunk/phpbms/modules/bms/clients_credit.php

@@ -89 +89 @@
 
         $phpbms->showTabs("clients entry", "tab:5a6ef814-2689-4e3b-2609-db43fb3cc001", ((int) $_GET["id"]));?><div class="bodyline">
-        <form action="<?php echo str_replace("&","&amp;",$_SERVER["REQUEST_URI"]) ?>"
+        <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>"
         method="post" name="record" id="record">
                 <div id="topButtons">