tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-28 08:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed the vulnerability. http://cxsecurity.com/issue/WLB-2014110100 Thanks William Costa

Browse Source
This commit is contained in:
mdtrooper 2014-11-17 10:40:12 +01:00
parent e41a4415ec
commit e6eb72e49a
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
pandora_console/general/header.php
View File

@ -375,15 +375,22 @@ config_check();
<?php <?php
if ($_GET["refr"]) { if ($_GET["refr"]) {
$_get_refr = strip_tags($_GET["refr"]);
?> ?>
refr_time = parseInt("<?php echo $_get_refr; ?>");
if (isNaN(refr_time)) {
refr_time = 0;
}
t = new Date(); t = new Date();
t.setTime (t.getTime () + <?php echo $config["refr"] * 1000; ?>); t.setTime (t.getTime () +
parseInt(<?php echo $config["refr"] * 1000; ?>));
$("#refrcounter").countdown ({until: t, $("#refrcounter").countdown ({until: t,
layout: '%M%nn%M:%S%nn%S', layout: '%M%nn%M:%S%nn%S',
labels: ['', '', '', '', '', '', ''], labels: ['', '', '', '', '', '', ''],
onExpiry: function () { onExpiry: function () {
href = $("a.autorefresh").attr ("href"); href = $("a.autorefresh").attr ("href");
href = href + <?php echo $_GET["refr"]; ?>; href = href + refr_time;
$(document).attr ("location", href); $(document).attr ("location", href);
} }
}); });