tyler.durden/loganalyzer
1
0
Fork 0
mirror of https://github.com/rsyslog/loganalyzer.git synced 2025-09-21 17:08:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed Cross Site scripting issue in asktheoracle.php

Browse Source
This commit is contained in:
Andre Lorbach 2012-12-19 12:25:17 +01:00
parent 0bcee2b490
commit c4909c1f13
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,6 +1,8 @@
---------------------------------------------------------------------------
Version 3.6.1 (stable), 2012-??-??
Version 3.6.1 (stable), 2012-12-19
- Cosmetic fix in login.php, fixed static language strings.
- Fixed Cross Site scripting issue in asktheoracle.php
(oracle_query parameter)
---------------------------------------------------------------------------
Version 3.6.0 (stable), 2012-12-04
- Bugfix: Fixed "DiskAllowed" checking in Disklogstream. Filenames are now

8
src/asktheoracle.php
View File

@ -106,9 +106,9 @@ else
$content['showonlinesearches'] = false;
}
$content['ORACLE_HELP_DETAIL'] = GetAndReplaceLangStr( $content['LN_ORACLE_HELP_DETAIL'], $content['oracle_type_readable'], $content['oracle_query'] ) ;
$content['ORACLE_HELP_TEXT'] = GetAndReplaceLangStr( $content['LN_ORACLE_HELP_TEXT'], $content['oracle_type_readable'], $content['oracle_query'], $content['LN_ORACLE_HELP_TEXT_EXTERNAL'] ) ;
$content['ORACLE_WHOIS'] = GetAndReplaceLangStr( $content['LN_ORACLE_WHOIS'], $content['oracle_type_readable'], $content['oracle_query'] ) ;
$content['ORACLE_HELP_DETAIL'] = GetAndReplaceLangStr( $content['LN_ORACLE_HELP_DETAIL'], $content['oracle_type_readable'], urlencode($content['oracle_query']) ) ;
$content['ORACLE_HELP_TEXT'] = GetAndReplaceLangStr( $content['LN_ORACLE_HELP_TEXT'], $content['oracle_type_readable'], urlencode($content['oracle_query']), $content['LN_ORACLE_HELP_TEXT_EXTERNAL'] ) ;
$content['ORACLE_WHOIS'] = GetAndReplaceLangStr( $content['LN_ORACLE_WHOIS'], $content['oracle_type_readable'], urlencode($content['oracle_query']) ) ;
$content['WhoisUrl'] = "http://kb.monitorware.com/kbsearch.php?sa=whois&oid=" . $content['oracle_kb_type'] . "&origin=phplogcon&q=" . urlencode($content['oracle_query']);
// Set Field Captions!
@ -145,7 +145,7 @@ foreach( $content['Sources'] as $mySource )
// --- BEGIN CREATE TITLE
$content['TITLE'] = InitPageTitle();
// Append custom title part!
$content['TITLE'] .= GetAndReplaceLangStr( $content['LN_ORACLE_TITLE'], $content['oracle_query']);
$content['TITLE'] .= GetAndReplaceLangStr( $content['LN_ORACLE_TITLE'], urlencode($content['oracle_query']));
// --- END CREATE TITLE
// --- Parsen and Output