phpBMS

Timestamp:
01/01/10 23:10:02 (2 years ago)
Author:
brieb
Message:
  • Fixed several SQL injection vulnerabilities
  • Fixed several XSS vulnerabilities due to PHP_SELF and REQUEST_URI
  • Fixed several path disclosure errors
Files:
1 modified

  • trunk/phpbms/modules/bms/products_prereq.php

    r702 r704  
    132132<?php $phpbms->showTabs("products entry","tab:9bfc7eea-5abb-f5d8-763f-f78fe499464d",$_GET["id"]);?><div class="bodyline"> 
    133133        <h1><span><?php echo $pageTitle ?></span></h1> 
    134         <form action="<?php echo $_SERVER["REQUEST_URI"] ?>" method="post" name="record"> 
     134        <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record"> 
    135135        <input id="deleteid" name="deleteid" type="hidden" value="0" /> 
    136136        <input id="command" name="command" type="hidden" value="" /> 
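
Review bot: on the added line 134, htmlentities() is called without a flags or charset argument, so on PHP versions where the default flag is ENT_COMPAT single quotes are left unencoded and the encoding used is whatever the PHP default happens to be. The action attribute is double-quoted, so the escape holds as written, but passing ENT_QUOTES and the page's charset explicitly would keep it correct if the markup or the PHP version changes. Separately, the unchanged line 132 in this hunk still passes $_GET["id"] directly to showTabs(); nothing visible here shows that value being cast or escaped, so it is worth confirming that showTabs() does so before the value reaches output or a query.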
phpBMS vulnerability assessment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.