From e6eb72e49af9ed5e16985b87efb789132368ba44 Mon Sep 17 00:00:00 2001
From: mdtrooper <tres.14159@gmail.com>
Date: Mon, 17 Nov 2014 10:40:12 +0100
Subject: [PATCH] Fixed the vulnerability.
 http://cxsecurity.com/issue/WLB-2014110100 Thanks William Costa

---
 pandora_console/general/header.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/pandora_console/general/header.php b/pandora_console/general/header.php
index 9b02b2c31f..9c1524aabf 100644
--- a/pandora_console/general/header.php
+++ b/pandora_console/general/header.php
@@ -375,15 +375,22 @@ config_check();
 		
 		<?php
 		if ($_GET["refr"]) {
+			$_get_refr = strip_tags($_GET["refr"]);
 		?>
+			refr_time = parseInt("<?php echo $_get_refr; ?>");
+			if (isNaN(refr_time)) {
+				refr_time = 0;
+			}
+			
 			t = new Date();
-			t.setTime (t.getTime () + <?php echo $config["refr"] * 1000; ?>);
+			t.setTime (t.getTime () +
+				parseInt(<?php echo $config["refr"] * 1000; ?>));
 			$("#refrcounter").countdown ({until: t, 
 				layout: '%M%nn%M:%S%nn%S',
 				labels: ['', '', '', '', '', '', ''],
 				onExpiry: function () {
 						href = $("a.autorefresh").attr ("href");
-						href = href + <?php echo $_GET["refr"]; ?>;
+						href = href + refr_time;
 						$(document).attr ("location", href);
 					}
 				});