tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-21 08:57:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Cross Site Scripting Issue in userchange.php

Browse Source 
Debugcode for handling invalid ViewID's left a XSS opportunity open.
This commit is contained in:
Andre Lorbach 2013-01-09 11:34:20 +01:00
parent e06d3ddc76
commit 2356e10efe
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/userchange.php
View File

@ -80,7 +80,7 @@ if ( isset($_GET['op']) )
else
{
// DEBUG
echo "DEBUG: " . $_SESSION['currentSourceID'] . " - $newViewID";
echo "DEBUG: " . $_SESSION['currentSourceID'] . " - " . htmlspecialchars($newViewID);
exit;
}
}