tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 16:55:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixed error xss in login page

Browse Source
This commit is contained in:
daniel 2017-06-29 13:07:35 +02:00
parent 204681dbc0
commit bea2a38969
2 changed files with 3 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pandora_console/general/login_page.php
View File

@ -134,11 +134,6 @@ echo '<div class="login_page">';
switch ($login_screen) { switch ($login_screen) {
case 'logout': case 'logout':
case 'login': case 'login':
if (!empty ($page) && !empty ($sec)) {
foreach ($_POST as $key => $value) {
html_print_input_hidden ($key, $value);
}
}
if ($config['auth'] == 'saml') { if ($config['auth'] == 'saml') {
echo '<div id="log_nick" class="login_nick" style="display: none;">'; echo '<div id="log_nick" class="login_nick" style="display: none;">';
echo '<div>'; echo '<div>';
@ -190,11 +185,6 @@ echo '<div class="login_page">';
break; break;
case 'double_auth': case 'double_auth':
if (!empty ($page) && !empty ($sec)) {
foreach ($_POST as $key => $value) {
html_print_input_hidden ($key, $value);
}
}
echo '<div class="login_nick">'; echo '<div class="login_nick">';
echo '<div>'; echo '<div>';
html_print_image ("/images/icono_autenticacion.png", false); html_print_image ("/images/icono_autenticacion.png", false);

6
pandora_console/index.php
View File

@ -351,7 +351,7 @@ if (! isset ($config['id_user'])) {
if (($nick_in_db != false) && ((!is_user_admin($nick) if (($nick_in_db != false) && ((!is_user_admin($nick)
|| $config['enable_pass_policy_admin'])) || $config['enable_pass_policy_admin']))
&& (defined('PANDORA_ENTERPRISE')) && (file_exists (ENTERPRISE_DIR . "/load_enterprise.php"))
&& ($config['enable_pass_policy'])) { && ($config['enable_pass_policy'])) {
include_once(ENTERPRISE_DIR . "/include/auth/mysql.php"); include_once(ENTERPRISE_DIR . "/include/auth/mysql.php");
@ -523,12 +523,12 @@ if (! isset ($config['id_user'])) {
else { //login wrong else { //login wrong
$blocked = false; $blocked = false;
if ((!is_user_admin($nick) || $config['enable_pass_policy_admin']) && defined('PANDORA_ENTERPRISE')) { if ((!is_user_admin($nick) || $config['enable_pass_policy_admin']) && file_exists (ENTERPRISE_DIR . "/load_enterprise.php")) {
$blocked = login_check_blocked($nick); $blocked = login_check_blocked($nick);
} }
if (!$blocked) { if (!$blocked) {
if (defined('PANDORA_ENTERPRISE')) { if (file_exists (ENTERPRISE_DIR . "/load_enterprise.php")) {
login_check_failed($nick); //Checks failed attempts login_check_failed($nick); //Checks failed attempts
} }
$login_failed = true; $login_failed = true;