Changeset 704 for trunk/phpbms/report/general_labels.php

Timestamp:

01/01/10 23:10:02 (2 years ago)

Author:

brieb

Message:

• Fixed several SQL injection vulnerabilities
• Fixed several XSS vulnerabilities due to PHP_SELF and REQUREST_URI
• Fixed severa path disclosure errors

Files:

• trunk/phpbms/report/general_labels.php (modified) (2 diffs)

trunk/phpbms/report/general_labels.php

@@ -144 +144 @@
 
         ?>
-        <form action="<?php echo str_replace("&", "&amp;", $_SERVER["REQUEST_URI"])?>" method="post" name="print_form">
+        <form action="<?php echo htmlentities($_SERVER["REQUEST_URI"])?>" method="post" name="print_form">
             <div class="bodyline" id="reportOptions">
 
@@ -475 +475 @@
 
     $report = new pdfLabels($db, $_GET["rid"], $_GET["tid"]);
-    
+
     if(!isset($_POST["skipLabels"]))
         $report->displaySkipLabels();