tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed the vulnerability. http://cxsecurity.com/issue/WLB-2014110100 Thanks William Costa

This commit is contained in:
mdtrooper 2014-11-17 10:40:12 +01:00
parent e41a4415ec
commit e6eb72e49a
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pandora_console/general/header.php
View File

@ -375,15 +375,22 @@ config_check();
<?php
if ($_GET["refr"]) {
$_get_refr = strip_tags($_GET["refr"]);
?>
refr_time = parseInt("<?php echo $_get_refr; ?>");
if (isNaN(refr_time)) {
refr_time = 0;
}
t = new Date();
t.setTime (t.getTime () + <?php echo $config["refr"] * 1000; ?>);
t.setTime (t.getTime () +
parseInt(<?php echo $config["refr"] * 1000; ?>));
$("#refrcounter").countdown ({until: t,
layout: '%M%nn%M:%S%nn%S',
labels: ['', '', '', '', '', '', ''],
onExpiry: function () {
href = $("a.autorefresh").attr ("href");
href = href + <?php echo $_GET["refr"]; ?>;
href = href + refr_time;
$(document).attr ("location", href);
}
});