Changeset 1934

Timestamp:

01/14/10 11:22:13 (14 years ago)

Author:

wmerlotto

Message:

Ticket #885 - Aplincando no branch a correção de vulnerabilidade.

Location:

branches/2.0

Files:

• phpgwapi/templates/classic/login_classic.php (modified) (1 diff)
• phpgwapi/templates/default/login_default.php (modified) (1 diff)
• preferences/preferences.php (modified) (1 diff)

branches/2.0/phpgwapi/templates/classic/login_classic.php

@@ -195 +195 @@
                         }
                 }
+                
+                $_GET['lang'] = addslashes($_GET['lang']);
                 if ($_GET['lang'])
                 {

branches/2.0/phpgwapi/templates/default/login_default.php

@@ -210 +210 @@
                         }
                 }
+                
+                $_GET['lang'] = addslashes($_GET['lang']);
                 if ($_GET['lang'])
                 {

branches/2.0/preferences/preferences.php

@@ -15 +15 @@
                 'noappheader'             => True,
                 'nonavbar'                => True,
-                'currentapp'              => @$_GET['appname'] ? $_GET['appname'] : 'preferences',
+                'currentapp'              => @addslashes($_GET['appname']) ? addslashes($_GET['appname']) : 'preferences',
                 'enable_nextmatchs_class' => True
         );