[Gnuheter-dev] user: isRealUser, XSS
From: Ulf Harnhammar
Subject: [Gnuheter-dev] user: isRealUser, XSS
Date: Thu, 11 Jul 2002 10:52:44 +0200 (CEST)
Hi,
here is a patch for user.php. It calls isRealUser() to prevent spoofing of user-data changes. It also fixes a few XSS problems.
// Ulf Härnhammar
--- user.php.old Thu Jul 11 10:34:13 2002
+++ user.php Thu Jul 11 10:44:30 2002
@@ -26,6 +26,7 @@
# $Id: user.php,v 1.5 2002/06/22 14:18:31 pawal Exp $
if(!isset($mainfile)) { include('mainfile.php'); }
+isRealUser($HTTP_COOKIE_VARS['user']);
function user_nav() {
html_page_head();
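Review bot: the return value of `isRealUser($HTTP_COOKIE_VARS['user']);` is discarded, so unless isRealUser() itself terminates the request (exit/redirect) on a failed check, this line adds no protection against the spoofing the message describes; either wrap it as `if (!isRealUser(...)) { ...abort... }` or document in the patch that the function aborts on failure. Also, `$HTTP_COOKIE_VARS['user']` is read unconditionally at file top, so a request without that cookie produces an undefined-index notice; guard it with `isset()` or pass an empty default.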
@@ -459,6 +460,11 @@
} elseif (($pass != "") && (strlen($pass) < $minpass)) {
echo "<div align=\"center\">".translate("Sorry, your password
must be at least")." <b>$minpass</b> ".translate("characters long")."</div>\n";
} else {
+ $name = strip_tags($name);
+ $email = strip_tags($email);
+ $femail = strip_tags($femail);
+ $url = strip_tags($url);
+
if ($bio) { $bio = filter_text($bio); $bio = FixQuotes($bio); }
if ($pass != "") {
dbconnect();
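Review bot: strip_tags() on $name, $email, $femail and $url removes tag markup but not quotes, angle-bracket fragments or other characters that are dangerous once these values are echoed inside HTML attributes, so output should still go through htmlspecialchars() where the values are rendered; for $url in particular, stripping tags says nothing about the URL scheme, and a check that it begins with http:// or https:// would be the appropriate validation. The new lines also sit only in the final `else` branch, so any path that echoes these variables before the password checks pass is not covered by this change.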
Attachment: gnuheter_patch37 (Text document)