phpBMS

Context Navigation

← Previous Change
Next Change →

Changeset 704 for trunk/phpbms/modules/bms/report/incoming_cashflow.php

Timestamp:

01/01/10 23:10:02 (2 years ago)

Author:

brieb

Message:

Fixed several SQL injection vulnerabilities
Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI
Fixed severa path disclosure errors

Files:

: 1 modified

trunk/phpbms/modules/bms/report/incoming_cashflow.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/phpbms/modules/bms/report/incoming_cashflow.php

r703	r704
536	536	$phpbms->showMenu = false;
537	537
538		$formSubmit = ~~str_replace("&","&",~~$_SERVER['REQUEST_URI']);
	538	$formSubmit = htmlentities($_SERVER['REQUEST_URI']);
539	539
540	540	$theform = new phpbmsForm();

Download in other formats:

phpBMS vulnerability assesment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.