Loading...

XML

Word

Printable

Details

Type: Improvement
Resolution: Fixed
Priority: Critical
Fix Version/s: None
Affects Version/s: None
Component/s: Web Interface
Labels:

Description

Attached patch escapes some more output show to user. Fixes XSS exploits.
Also added a wrapper function (escape()) for the htmlspecialchars (long and boring to type..). Let me know if another name may be more suitable for the function. I did not change all the htmlspecialchars yet, waste of time if this does not get commited

Other changes;
Changed $_POST/GET into $vars in multiple files in html/
Removed mres for place it was not needed or was redundant.
Fixed a typo in generic_definition.inc.php
Check if bill name is set when adding bill, if not don't add an empty entry to DB

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

security-and-misc-fixesv2.patch
63 kB
2015/01/24 10:44 AM

Activity

People

Assignee:: Mike Stupalov

Reporter:: Kent Johannessen

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2015/01/04 11:27 PM

Updated:: 2015/02/02 06:00 PM

Resolved:: 2015/01/28 07:57 AM