tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-25 18:59:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Cross site scripting issue of id parameter on admin/reports.php page

Browse Source
This commit is contained in:
Andre Lorbach 2012-05-22 12:10:51 +02:00
parent 69ff2d22f8
commit 2e62839897
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/admin/reports.php
View File

@ -89,7 +89,7 @@ if ( isset($_GET['op']) )
if ( isset($_GET['id']) ) if ( isset($_GET['id']) )
{ {
//PreInit these values //PreInit these values
$content['ReportID'] = DB_RemoveBadChars($_GET['id']); $content['ReportID'] = strip_tags(DB_RemoveBadChars($_GET['id']));
if ( isset($content['REPORTS'][ $content['ReportID'] ]) ) if ( isset($content['REPORTS'][ $content['ReportID'] ]) )
{ {
// Get Reference to parser! // Get Reference to parser!
@ -181,7 +181,7 @@ if ( isset($_GET['op']) )
if ( isset($_GET['id']) ) if ( isset($_GET['id']) )
{ {
//PreInit these values //PreInit these values
$content['ReportID'] = DB_RemoveBadChars($_GET['id']); $content['ReportID'] = strip_tags(DB_RemoveBadChars($_GET['id']));
if ( isset($content['REPORTS'][ $content['ReportID'] ]) ) if ( isset($content['REPORTS'][ $content['ReportID'] ]) )
{ {
// Get Reference to parser! // Get Reference to parser!
@ -245,7 +245,7 @@ if ( isset($_GET['op']) )
if ( isset($_GET['id']) ) if ( isset($_GET['id']) )
{ {
//PreInit these values //PreInit these values
$content['ReportID'] = DB_RemoveBadChars($_GET['id']); $content['ReportID'] = strip_tags(DB_RemoveBadChars($_GET['id']));
if ( isset($content['REPORTS'][ $content['ReportID'] ]) ) if ( isset($content['REPORTS'][ $content['ReportID'] ]) )
{ {
// Get Reference to parser! // Get Reference to parser!
@ -312,7 +312,7 @@ if ( isset($_GET['op']) )
if ( isset($_GET['id']) ) if ( isset($_GET['id']) )
{ {
//PreInit these values //PreInit these values
$content['ReportID'] = DB_RemoveBadChars($_GET['id']); $content['ReportID'] = strip_tags(DB_RemoveBadChars($_GET['id']));
// Init Form variables // Init Form variables
$content['ISADDSAVEDREPORT'] = "true"; $content['ISADDSAVEDREPORT'] = "true";
@ -408,7 +408,7 @@ if ( isset($_GET['op']) )
if ( isset($_GET['id']) ) if ( isset($_GET['id']) )
{ {
//PreInit these values //PreInit these values
$content['ReportID'] = DB_RemoveBadChars($_GET['id']); $content['ReportID'] = strip_tags(DB_RemoveBadChars($_GET['id']));
if ( isset($content['REPORTS'][ $content['ReportID'] ]) ) if ( isset($content['REPORTS'][ $content['ReportID'] ]) )
{ {
// Get Reference to report! // Get Reference to report!