Changeset 704 for trunk/phpbms/modules/recurringinvoices/invoices_recurrence.php

Timestamp:

01/01/10 23:10:02 (2 years ago)

Author:

brieb

Message:

• Fixed several SQL injection vulnerabilities
• Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI
• Fixed severa path disclosure errors

Files:

• trunk/phpbms/modules/recurringinvoices/invoices_recurrence.php (modified) (1 diff)

trunk/phpbms/modules/recurringinvoices/invoices_recurrence.php

@@ -150 +150 @@
         $phpbms->showTabs("invoices entry","tab:d303321e-7ff5-fe4b-29ec-fe3eb0305576",$_GET["id"]);
 ?><div class="bodyline">
-<form action="<?php echo $_SERVER["REQUEST_URI"] ?>"
+<form action="<?php echo htmlentities($_SERVER["REQUEST_URI"]) ?>"
         method="post" name="record" id="record"
         onsubmit="return false;">