TTN 468 - added protection from XSS attacks

poweradmin · Apr 12, 2012 · f5edf5d · f5edf5d
1 parent 031b676
commit f5edf5d
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 10 deletions.
diff --git a/edit.php b/edit.php
@@ -349,7 +349,7 @@
 		echo "      </tr>\n";
 
 		if ($meta_edit) {
-			echo "      <form action=\"" . $_SERVER['PHP_SELF'] . "?id=" . $zone_id . "\" method=\"post\">\n";
+			echo "      <form action=\"" . htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES) . "?id=" . $zone_id . "\" method=\"post\">\n";
 			echo "       <input type=\"hidden\" name=\"domain\" value=\"" . $zone_id . "\">\n";
 			echo "       <tr>\n";
 			echo "        <td>\n";
@@ -381,7 +381,7 @@
 		echo "      </tr>\n";
 
                 if ($meta_edit) {
-                        echo "      <form action=\"" . $_SERVER['PHP_SELF'] . "?id=" . $zone_id . "\" method=\"post\">\n";
+                        echo "      <form action=\"" . htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES) . "?id=" . $zone_id . "\" method=\"post\">\n";
                         echo "       <input type=\"hidden\" name=\"current_zone_template\" value=\"" . $zone_template_id . "\">\n";
                         echo "       <tr>\n";
                         echo "        <td>\n";
@@ -413,7 +413,7 @@
 			echo "      </tr>\n";
 
 			if ($meta_edit) {
-				echo "      <form action=\"" . $_SERVER['PHP_SELF'] . "?id=" . $zone_id . "\" method=\"post\">\n";
+				echo "      <form action=\"" . htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES) . "?id=" . $zone_id . "\" method=\"post\">\n";
 				echo "       <input type=\"hidden\" name=\"domain\" value=\"" . $zone_id . "\">\n";
 				echo "       <tr>\n";
 				echo "        <td>\n";

diff --git a/inc/auth.inc.php b/inc/auth.inc.php
@@ -124,6 +124,7 @@ function doAuthenticate() {
 function auth($msg="",$type="success")
 {
 	include_once('inc/header.inc.php');
+    echo $_SERVER['SCRIPT_FILENAME'];
 	if ( $msg )
 	{
 		print "<div class=\"$type\">$msg</div>\n";
@@ -132,7 +133,7 @@ function auth($msg="",$type="success")
 	<h2><?php echo _('Log in'); ?></h2>
 	<?php
 	?>
-	<form method="post" action="<?php echo $_SERVER["PHP_SELF"] ?>">
+	<form method="post" action="<?php echo htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES); ?>">
 	 <table border="0">
 	  <tr>
 	   <td class="n" width="100"><?php echo _('Username'); ?>:</td>

diff --git a/inc/toolkit.inc.php b/inc/toolkit.inc.php
@@ -163,7 +163,7 @@ function show_pages($amount,$rowamount,$id='')
          if ($_GET["start"] == $i) {
             echo "[ <b>".$i."</b> ] ";
          } else {
-            echo " <a href=\"".$_SERVER["PHP_SELF"]."?start=".$i;
+            echo " <a href=\"".htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES)."?start=".$i;
 	    if ($id!='') echo "&id=".$id;
 	    echo "\">[ ".$i." ]</a> ";
          }
@@ -186,7 +186,7 @@ function show_letters($letterstart,$userid=true)
 	}
 	elseif (zone_letter_start($letter,$userid))
 	{
-		echo "<a href=\"".$_SERVER["PHP_SELF"]."?letter=1\">[ 0-9 ]</a> ";
+		echo "<a href=\"".htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES)."?letter=1\">[ 0-9 ]</a> ";
 	}
 	else
 	{
@@ -201,7 +201,7 @@ function show_letters($letterstart,$userid=true)
                 }
                 elseif (zone_letter_start($letter,$userid))
                 {
-                        echo "<a href=\"".$_SERVER["PHP_SELF"]."?letter=".$letter."\">[ ".$letter." ]</a> ";
+                        echo "<a href=\"".htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES)."?letter=".$letter."\">[ ".$letter." ]</a> ";
                 }
                 else
                 {
@@ -213,7 +213,7 @@ function show_letters($letterstart,$userid=true)
 	{
 		echo "[ <span class=\"lettertaken\"> Show all </span> ] ";
 	} else {
-		echo "<a href=\"".$_SERVER["PHP_SELF"]."?letter=all\">[ Show all ]</a> ";
+		echo "<a href=\"".htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES)."?letter=all\">[ Show all ]</a> ";
 	}
 }
 
@@ -295,7 +295,7 @@ function clean_page($arg='')
 {
 	if (!$arg)
 	{
-		header("Location: ".$_SERVER["PHP_SELF"]."?time=".time());
+		header("Location: ".htmlentities($_SERVER["PHP_SELF"], ENT_QUOTES)."?time=".time());
 		exit;
 	}
 	else

diff --git a/search.php b/search.php
@@ -154,7 +154,7 @@
 	}
 
 	echo "     <h3>" . _('Query') . ":</h3>\n";
-	echo "      <form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n";
+	echo "      <form method=\"post\" action=\"" . htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES) . "\">\n";
 	echo "       <table>\n";
 	echo "        <tr>\n";
 	echo "         <td>\n";