phpBMS

Show
Ignore:
Timestamp:
01/01/10 23:10:02 (2 years ago)
Author:
brieb
Message:
  • Fixed several SQL injection vulnerabilities
  • Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI
  • Fixed severa path disclosure errors
Files:
1 modified

Legend:

Unmodified
Added
Removed

  • trunk/phpbms/modules/bms/report/aritems_clientstatement.php

    r703 r704  
    499499                $phpbms->showMenu = false; 
    500500 
    501                 $formSubmit = str_replace("&","&",$_SERVER['REQUEST_URI']); 
     501                $formSubmit = htmlentities($_SERVER['REQUEST_URI']); 
    502502 
    503503                $theform = new phpbmsForm(); 
phpBMS vulnerability assesment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.