Merge branch '1055_Vulnerabilidad_XSS_rev' into 'develop'

fixed error XSS in login_page See merge request !637
2017-06-30 13:30:18 +02:00 · 2017-06-30 13:30:18 +02:00 · b8c1227e7e
parent 5eb53d599a b4ca9c958d
commit b8c1227e7e
1 changed files with 10 additions and 0 deletions
--- a/pandora_console/general/login_page.php
+++ b/pandora_console/general/login_page.php
@ -134,6 +134,11 @@ echo '<div class="login_page">';
 	switch ($login_screen) {
 		case 'logout':
 		case 'login':
+			if (!empty ($page) && !empty ($sec)) {
+				foreach ($_POST as $key => $value) {
+					html_print_input_hidden (io_safe_input($key), $value);
+				}
+			}
 			if ($config['auth'] == 'saml') {
 				echo '<div id="log_nick" class="login_nick" style="display: none;">';
 					echo '<div>';
@ -185,6 +190,11 @@ echo '<div class="login_page">';
 			
 			break;
 		case 'double_auth':
+			if (!empty ($page) && !empty ($sec)) {
+				foreach ($_POST as $key => $value) {
+					html_print_input_hidden (io_safe_input($key), $value);
+				}
+			}
 			echo '<div class="login_nick">';
 			echo '<div>';
 				html_print_image ("/images/icono_autenticacion.png", false);