Subject: cvs: pearweb /include site.php - msg#00041
List: php.pear.core
rasmus Fri Jul 8 14:23:46 2005 EDT
Modified files:
/pearweb/include site.php
Log:
Just to be safe
http://cvs.php.net/diff.php/pearweb/include/site.php?r1=1.12&r2=1.13&ty=u
Index: pearweb/include/site.php
diff -u pearweb/include/site.php:1.12 pearweb/include/site.php:1.13
--- pearweb/include/site.php:1.12 Wed Jan 26 07:40:05 2005
+++ pearweb/include/site.php Fri Jul 8 14:23:45 2005
@@ -15,7 +15,7 @@
+----------------------------------------------------------------------+
| Authors: |
+----------------------------------------------------------------------+
- $Id: site.php,v 1.12 2005/01/26 12:40:05 pajoye Exp $
+ $Id: site.php,v 1.13 2005/07/08 18:23:45 rasmus Exp $
*/
/**
@@ -122,7 +122,7 @@
$MYSITE = 'http://' . getenv('SERVER_NAME') . '/';
if (!isset($MIRRORS[$MYSITE])) {
- $MYSITE='http://' . preg_replace('/^www\./', '', $_SERVER['HTTP_HOST']) .
'/';
+ $MYSITE='http://' . preg_replace('/^www\./', '',
strip_tags($_SERVER['HTTP_HOST'])) . '/';
}
if (!isset($MIRRORS[$MYSITE])) {
$MIRRORS[$MYSITE] = array('xx', $MYSITE, 'none', $MYSITE, 2, 0, 'en');
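Review bot: `strip_tags()` on `$_SERVER['HTTP_HOST']` does not make the Host header safe — it removes only `<...>` sequences and leaves quotes, spaces, slashes and `@` intact, so whatever `$MYSITE` is later interpolated into (not visible in this hunk, but the last line of the hunk registers it as a mirror entry in `$MIRRORS`) still receives attacker-chosen text. The code already has an allowlist in `$MIRRORS`; when the host is not in it the fallback should validate the header as a hostname rather than sanitise it, e.g. `$host = preg_replace('/^www\./', '', $_SERVER['HTTP_HOST']);` then `if (!preg_match('/^[a-z0-9.-]+(:\d+)?$/i', $host)) { $host = getenv('SERVER_NAME'); }` and `$MYSITE = 'http://' . $host . '/';`. Any later emission of `$MYSITE` into HTML still needs `htmlspecialchars()` at the output site, since validation here is not output encoding. The surrounding statement run continues outside the hunk.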
cvs: pearweb /include pear-format-html.php
rasmus Fri Jul 8 14:22:24 2005 EDT
Modified files:
/pearweb/include pear-format-html.php
Log:
Oops, forgot to commit this one. HTTP_HOST is not really safe either.
http://cvs.php.net/diff.php/pearweb/include/pear-format-html.php?r1=1.167&r2=1.168&ty=u
Index: pearweb/include/pear-format-html.php
diff -u pearweb/include/pear-format-html.php:1.167
pearweb/include/pear-format-html.php:1.168
--- pearweb/include/pear-format-html.php:1.167 Tue Jul 5 21:26:38 2005
+++ pearweb/include/pear-format-html.php Fri Jul 8 14:22:23 2005
@@ -15,7 +15,7 @@
+----------------------------------------------------------------------+
| Authors: |
+----------------------------------------------------------------------+
- $Id: pear-format-html.php,v 1.167 2005/07/06 01:26:38 pajoye Exp $
+ $Id: pear-format-html.php,v 1.168 2005/07/08 18:22:23 rasmus Exp $
*/
PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'error_handler');
@@ -144,7 +144,7 @@
echo ' <link rel="stylesheet" href="' . $style_file . "\" />\n";
}
?>
- <link rel="alternate" type="application/rss+xml" title="RSS feed"
href="http://<?php echo $_SERVER['HTTP_HOST']; ?>/feeds/latest.rss" />
+ <link rel="alternate" type="application/rss+xml" title="RSS feed"
href="http://<?php echo strip_tags($_SERVER['HTTP_HOST']); ?>/feeds/latest.rss"
/>
</head>
<body <?php
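Review bot: `strip_tags()` is the wrong escaper for the `href` attribute on the new `<link>` line: a Host header containing `"` still terminates the attribute, and only the `<...>` part of an injected payload is removed, so attribute injection remains possible (the practical impact on a `<link rel="alternate">` element is limited, but the encoding is still incorrect). For attribute context use `htmlspecialchars($_SERVER['HTTP_HOST'], ENT_QUOTES)`, or better, do not derive the feed URL from the request at all — a relative `href="/feeds/latest.rss"` or a server-side canonical host (if one such as `$MYSITE` is in scope here, which this hunk does not show) removes the attacker-controlled input entirely. The enclosing PHP block is cut by the hunk on both sides.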
@@ -742,7 +742,7 @@
return sprintf("<a href=\"/user/%s\">%s</a> %s\n",
$handle,
$row['name'],
- ($row['wishlist'] != "" && $compact == false ?
'['.make_link('http://' . $_SERVER['HTTP_HOST'] . '/wishlist.php/' . $handle,
'Wishlist').']' : '')
+ ($row['wishlist'] != "" && $compact == false ?
'['.make_link('http://' . strip_tags($_SERVER['HTTP_HOST']) . '/wishlist.php/'
. $handle, 'Wishlist').']' : '')
);
}
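Review bot: The Wishlist URL passed to `make_link()` is still assembled from `$_SERVER['HTTP_HOST']`, and whether `make_link()` attribute-encodes its first argument is not visible here; if it does not, `strip_tags()` leaves `"` in the host and the `href` can still be broken out of. The `/user/%s` anchor at the top of the same `sprintf` is already a root-relative link, so the consistent and safer form is `make_link('/wishlist.php/' . $handle, 'Wishlist')`, which drops the Host header from the output entirely. `$handle` and `$row['name']` are emitted without encoding on the context lines; presumably they are validated upstream, but that is not shown in this hunk. The function's signature starts above the hunk.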
cvs: pearweb /public_html/pepr pepr-proposal-show.php
pajoye Fri Jul 8 21:26:18 2005 EDT
Modified files:
/pearweb/public_html/pepr pepr-proposal-show.php
Log:
- mind to stop playing? the 1st version was correct. Only pearweb
was not updated. My revert of your commits introduced errors, apologies
for that.
http://cvs.php.net/diff.php/pearweb/public_html/pepr/pepr-proposal-show.php?r1=1.50&r2=1.51&ty=u
Index: pearweb/public_html/pepr/pepr-proposal-show.php
diff -u pearweb/public_html/pepr/pepr-proposal-show.php:1.50
pearweb/public_html/pepr/pepr-proposal-show.php:1.51
--- pearweb/public_html/pepr/pepr-proposal-show.php:1.50 Fri Jul 8
12:32:19 2005
+++ pearweb/public_html/pepr/pepr-proposal-show.php Fri Jul 8 21:26:17 2005
@@ -17,7 +17,7 @@
* @author Daniel Convissor <danielc@xxxxxxx>
* @copyright Copyright (c) 1997-2005 The PHP Group
* @license http://www.php.net/license/3_0.txt PHP License
- * @version $Id: pepr-proposal-show.php,v 1.50 2005/07/08 16:32:19 toby Exp $
+ * @version $Id: pepr-proposal-show.php,v 1.51 2005/07/09 01:26:17 pajoye
Exp $
*/
/**
@@ -25,7 +25,9 @@
*/
require_once 'pepr/pepr.php';
-if (!$proposal =& proposal::get($dbh, @$_GET['id'])) {
+$proposal_id = isset($_GET['id']) ? (int) $_GET['id'] : false;
+
+if (!$proposal_id || !($proposal =& proposal::get($dbh, $proposal_id))) {
response_header('PEPr :: Details :: Invalid Request');
echo "<h1>Proposal for</h1>\n";
report_error('The requested proposal does not exist.');
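Review bot: The `(int)` cast on the new `$proposal_id` line silently accepts inputs like `12abc` (becomes 12) and negative numbers, while the `!$proposal_id` test only rejects 0 and missing values; if proposal ids are positive integers, a stricter check gives a clean "invalid request" for malformed input instead of a lookup of a truncated id, e.g. `$proposal_id = (isset($_GET['id']) && ctype_digit($_GET['id'])) ? (int) $_GET['id'] : false;`. The cast does the right thing for the database call as long as `proposal::get()` uses the integer as-is, which this hunk does not show. The `if` body continues past the end of the hunk.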
cvs: pearweb /public_html account-mail.php package-delete.php package-new.php /public_html/support lists.php
rasmus Fri Jul 8 14:11:30 2005 EDT
Modified files:
/pearweb/public_html account-mail.php package-delete.php
package-new.php
/pearweb/public_html/support lists.php
Log:
A few more XSS holes patched - plenty more
http://cvs.php.net/diff.php/pearweb/public_html/account-mail.php?r1=1.21&r2=1.22&ty=u
Index: pearweb/public_html/account-mail.php
diff -u pearweb/public_html/account-mail.php:1.21
pearweb/public_html/account-mail.php:1.22
--- pearweb/public_html/account-mail.php:1.21 Sun Jul 3 20:32:58 2005
+++ pearweb/public_html/account-mail.php Fri Jul 8 14:11:30 2005
@@ -15,7 +15,7 @@
+----------------------------------------------------------------------+
| Authors: |
+----------------------------------------------------------------------+
- $Id: account-mail.php,v 1.21 2005/07/04 00:32:58 dufuz Exp $
+ $Id: account-mail.php,v 1.22 2005/07/08 18:11:30 rasmus Exp $
*/
/**
@@ -54,16 +54,16 @@
'post', 'contact');
$form->addText('name', 'Y<span class="accesskey">o</span>ur Name:',
- $data['name'], 40, null, 'accesskey="o"');
+ htmlspecialchars($data['name']), 40, null, 'accesskey="o"');
$form->addPlaintext('CAPTCHA:', generate_captcha());
$form->addText('email', 'Email Address:',
- $data['email'], 40, null);
+ htmlspecialchars($data['email']), 40, null);
$form->addCheckBox('copy_me', 'Send me a copy of this mail:',
- $data['copy_me']);
+ htmlspecialchars($data['copy_me']));
$form->addText('subject', 'Subject:',
- $data['subject'], 40, null);
+ htmlspecialchars($data['subject']), 40, null);
$form->addTextarea('text', 'Text:',
- $data['text'], 35, 10, null);
+ htmlspecialchars($data['text']), 35, 10, null);
$form->addSubmit('submit', 'Submit');
$form->display('class="form-holder"'
. ' cellspacing="1"',
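Review bot: The new `htmlspecialchars()` calls use the default flags, which do not encode `'`; if `HTML_Form` ever emits a value inside a single-quoted attribute the escape is bypassed, so prefer `htmlspecialchars($data['name'], ENT_QUOTES)` (and likewise for the other fields). The `addCheckBox` change is odd: if its third argument is the checked flag rather than a value, escaping it is a no-op, and if `HTML_Form` escapes values itself the other fields will now be double-encoded — worth checking the library's contract before relying on caller-side escaping. The `$form->display(` statement continues past the end of the hunk.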
http://cvs.php.net/diff.php/pearweb/public_html/package-delete.php?r1=1.15&r2=1.16&ty=u
Index: pearweb/public_html/package-delete.php
diff -u pearweb/public_html/package-delete.php:1.15
pearweb/public_html/package-delete.php:1.16
--- pearweb/public_html/package-delete.php:1.15 Tue May 3 15:42:23 2005
+++ pearweb/public_html/package-delete.php Fri Jul 8 14:11:30 2005
@@ -15,7 +15,7 @@
+----------------------------------------------------------------------+
| Authors: |
+----------------------------------------------------------------------+
- $Id: package-delete.php,v 1.15 2005/05/03 19:42:23 cellog Exp $
+ $Id: package-delete.php,v 1.16 2005/07/08 18:11:30 rasmus Exp $
*/
/*
@@ -41,7 +41,7 @@
'/package-delete.php?id=' . $_GET['id']);
require_once 'HTML/Form.php';
- $form = new HTML_Form($_SERVER['PHP_SELF'] . '?id=' . $_GET['id'], 'POST');
+ $form = new HTML_Form(htmlspecialchars($_SERVER['PHP_SELF']) . '?id=' .
$_GET['id'], 'POST');
$form->start();
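Review bot: On the changed `new HTML_Form(...)` line only `PHP_SELF` is escaped; `$_GET['id']` is still concatenated raw into the same `action` attribute, so the XSS this commit targets remains on that line. Since the id is presumably numeric, `'?id=' . (int) $_GET['id']` is the simplest fix; otherwise escape the whole URL once, `htmlspecialchars($_SERVER['PHP_SELF'] . '?id=' . $_GET['id'], ENT_QUOTES)`. The same raw `$_GET['id']` is built into the URL on the first context line of the hunk; its use there is not visible, but if it reaches a `Location:` header it is a header-injection vector on older PHP. The enclosing block starts above the hunk.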
http://cvs.php.net/diff.php/pearweb/public_html/package-new.php?r1=1.30&r2=1.31&ty=u
Index: pearweb/public_html/package-new.php
diff -u pearweb/public_html/package-new.php:1.30
pearweb/public_html/package-new.php:1.31
--- pearweb/public_html/package-new.php:1.30 Sun Jul 3 20:38:16 2005
+++ pearweb/public_html/package-new.php Fri Jul 8 14:11:30 2005
@@ -15,7 +15,7 @@
+----------------------------------------------------------------------+
| Authors: |
+----------------------------------------------------------------------+
- $Id: package-new.php,v 1.30 2005/07/04 00:38:16 dufuz Exp $
+ $Id: package-new.php,v 1.31 2005/07/08 18:11:30 rasmus Exp $
*/
require_once 'HTML/Form.php';
@@ -68,13 +68,13 @@
));
$dbh->popExpect();
if (DB::isError($pkg) && $pkg->getCode() == DB_ERROR_CONSTRAINT) {
- error_handler("The `" . $_POST['name'] . "' package already
exists!",
+ error_handler("The `" . htmlspecialchars($_POST['name']) . "'
package already exists!",
"Package already exists");
exit;
}
$display_form = false;
response_header("Package Registered");
- print "The package `" . $_POST['name'] . "' has been registered in
PEAR.<br />\n";
+ print "The package `" . htmlspecialchars($_POST['name']) . "' has been
registered in PEAR.<br />\n";
print "You have been assigned as lead developer.<br />\n";
print "The " . make_link("/group/", "PEAR Group") . " has been
notified and the package will be approved soon.<br />\n";
}
http://cvs.php.net/diff.php/pearweb/public_html/support/lists.php?r1=1.5&r2=1.6&ty=u
Index: pearweb/public_html/support/lists.php
diff -u pearweb/public_html/support/lists.php:1.5
pearweb/public_html/support/lists.php:1.6
--- pearweb/public_html/support/lists.php:1.5 Wed Feb 23 01:30:13 2005
+++ pearweb/public_html/support/lists.php Fri Jul 8 14:11:30 2005
@@ -15,7 +15,7 @@
+----------------------------------------------------------------------+
| Author: Martin Jansen <mj@xxxxxxx> |
+----------------------------------------------------------------------+
- $Id: lists.php,v 1.5 2005/02/23 06:30:13 cellog Exp $
+ $Id: lists.php,v 1.6 2005/07/08 18:11:30 rasmus Exp $
*/
response_header("Support - Mailing Lists");
@@ -181,7 +181,7 @@
<a href="/manual/en/support.php">manual</a>.
</p>
-<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
+<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']);
?>">
<table class="form-holder" cellpadding="5" cellspacing="1">
<?php
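Review bot: Escaping `PHP_SELF` closes the attribute-injection hole, but `PHP_SELF` still carries attacker-supplied `PATH_INFO` (`/support/lists.php/anything`), so the form can be made to post to a caller-chosen path on this host. A fixed `action="/support/lists.php"`, or an empty `action=""` to post back to the current URL, removes the request-derived value from the markup altogether, and whichever is chosen should be used consistently across the other forms touched in this commit. The `<?php` block opened on the last line of the hunk continues outside it.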
cvs: pearweb /public_html/bugs/include functions.inc
pajoye Sat Jul 9 10:07:04 2005 EDT
Modified files:
/pearweb/public_html/bugs/include functions.inc
Log:
- fix search.php?package_name=My%20Cool%20Package
http://cvs.php.net/diff.php/pearweb/public_html/bugs/include/functions.inc?r1=1.84&r2=1.85&ty=u
Index: pearweb/public_html/bugs/include/functions.inc
diff -u pearweb/public_html/bugs/include/functions.inc:1.84
pearweb/public_html/bugs/include/functions.inc:1.85
--- pearweb/public_html/bugs/include/functions.inc:1.84 Mon Jul 4 10:09:05 2005
+++ pearweb/public_html/bugs/include/functions.inc Sat Jul 9 10:07:04 2005
@@ -15,7 +15,7 @@
* @package Bugs
* @copyright Copyright (c) 1997-2005 The PHP Group
* @license http://www.php.net/license/3_0.txt PHP License
- * @version $Id: functions.inc,v 1.84 2005/07/04 14:09:05 pajoye Exp $
+ * @version $Id: functions.inc,v 1.85 2005/07/09 14:07:04 pajoye Exp $
*/
@@ -519,9 +519,6 @@
}
}
}
- if (!$use && $current && !is_array($current)) {
- echo '<option selected="selected">' . $current . "</option>\n";
- }
}
/**