tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-27 15:54:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '1055_Vulnerabilidad_XSS_rev' into 'develop'

Browse Source 
fixed error XSS in login_page

See merge request !637
This commit is contained in:
mariopulido 2017-06-30 13:30:18 +02:00
commit b8c1227e7e
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pandora_console/general/login_page.php
View File

@ -134,6 +134,11 @@ echo '<div class="login_page">';
switch ($login_screen) { switch ($login_screen) {
case 'logout': case 'logout':
case 'login': case 'login':
if (!empty ($page) && !empty ($sec)) {
foreach ($_POST as $key => $value) {
html_print_input_hidden (io_safe_input($key), $value);
}
}
if ($config['auth'] == 'saml') { if ($config['auth'] == 'saml') {
echo '<div id="log_nick" class="login_nick" style="display: none;">'; echo '<div id="log_nick" class="login_nick" style="display: none;">';
echo '<div>'; echo '<div>';
@ -185,6 +190,11 @@ echo '<div class="login_page">';
break; break;
case 'double_auth': case 'double_auth':
if (!empty ($page) && !empty ($sec)) {
foreach ($_POST as $key => $value) {
html_print_input_hidden (io_safe_input($key), $value);
}
}
echo '<div class="login_nick">'; echo '<div class="login_nick">';
echo '<div>'; echo '<div>';
html_print_image ("/images/icono_autenticacion.png", false); html_print_image ("/images/icono_autenticacion.png", false);