phpBMS

Timestamp:
01/01/10 23:10:02 (2 years ago)
Author:
brieb
Message:
  • Fixed several SQL injection vulnerabilities
  • Fixed several XSS vulnerabilities due to PHP_SELF and REQUEST_URI
  • Fixed several path disclosure errors
Files:
1 modified

  • trunk/phpbms/modules/bms/receipts_addedit.php

    r702 r704  
    4747                        $backurl .= "?refid=".$_GET["refid"]; 
    4848        } 
    49          
     49 
    5050        if(!isset($_GET["id"])) 
    5151                $_GET["id"] = 0; 
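Review bot: this hunk only changes whitespace on line 49 while the surrounding context still takes request input unvalidated: line 47 appends $_GET["refid"] to $backurl without any escaping, and lines 50-51 only default $_GET["id"] to 0 when it is absent, without constraining it to an integer. Given that this commit is meant to close SQL injection and XSS issues in this file, consider normalising both values here so every later use is safe regardless of how they are consumed, e.g. `$_GET["id"] = isset($_GET["id"]) ? (int)$_GET["id"] : 0;` and, if refid is numeric, `$backurl .= "?refid=".(int)$_GET["refid"];` (otherwise wrap it in urlencode()).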
     
    140140 
    141141?><div class="bodyline"> 
    142 <form action="<?php echo str_replace("&", "&amp;", $_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record"> 
     142<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>" method="post" name="record" id="record"> 
    143143 
    144144        <div id="topButtons"><?php showSaveCancel(1); ?></div> 
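Review bot: the change on line 142 is an improvement but still incomplete. The old str_replace() only encoded `&`, so a double quote in REQUEST_URI could terminate the action attribute; the new htmlentities() call with default flags does encode double quotes, but on the PHP releases current for this commit it leaves single quotes untouched and falls back to the default charset. Suggest `htmlentities($_SERVER["REQUEST_URI"], ENT_QUOTES, "UTF-8")`, or drop the echo altogether with `action=""`, which posts back to the current URL without reflecting any request data into the page.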
phpBMS vulnerability assessment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.