[geeklog-cvs] geeklog: Try to avoid an XSS in the anonymous user name without ...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Fri Apr 10 13:02:43 EDT 2009
details: http://project.geeklog.net/cgi-bin/hgweb.cgi/rev/14f8191e6437
changeset: 6903:14f8191e6437
user: Dirk Haun <dirk at haun-online.de>
date: Fri Apr 10 18:58:37 2009 +0200
description:
Try to avoid an XSS in the anonymous user name without offending half of Ireland at the same time. Needs a review ...
diffstat:
1 file changed, 13 insertions(+), 12 deletions(-)
system/lib-comment.php | 25 +++++++++++++------------
diffs (57 lines):
diff -r aa75e418b922 -r 14f8191e6437 system/lib-comment.php
--- a/system/lib-comment.php Fri Apr 10 18:20:12 2009 +0200
+++ b/system/lib-comment.php Fri Apr 10 18:58:37 2009 +0200
@@ -2,7 +2,7 @@
/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
-// | Geeklog 1.5 |
+// | Geeklog 1.6 |
// +---------------------------------------------------------------------------+
// | lib-comment.php |
// | |
@@ -302,11 +302,11 @@
}
// comment variables
- $template->set_var( 'indent', $indent );
- $template->set_var( 'author_name', $A['username'] );
- $template->set_var( 'author_id', $A['uid'] );
- $template->set_var( 'cid', $A['cid'] );
- $template->set_var( 'cssid', $row % 2 );
+ $template->set_var('indent', $indent);
+ $template->set_var('author_name', strip_tags($A['username']));
+ $template->set_var('author_id', $A['uid']);
+ $template->set_var('cid', $A['cid']);
+ $template->set_var('cssid', $row % 2);
if( $A['uid'] > 1 ) {
$fullname = COM_getDisplayName( $A['uid'], $A['username'],
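Review bot: `strip_tags()` on the line `$template->set_var('author_name', strip_tags($A['username']));` removes markup but leaves `"`, `'`, `&` and a bare `<` that does not form a tag, so a name such as `" onmouseover="alert(1)` survives intact and breaks out of any attribute the template puts `{author_name}` into. Unless the template engine escapes on substitution (not visible here), the robust form is context escaping at output, `$template->set_var('author_name', htmlspecialchars($A['username'], ENT_QUOTES));`, which also meets the apostrophe concern in the commit message since `O'Brien` is rendered to the reader unchanged (as `O&#039;Brien`), unlike what `addslashes()` would produce. The raw `$A['username']` is still passed unfiltered to `COM_getDisplayName()` on the hunk's last line, whose call and enclosing function continue outside the hunk, so whether that path is covered cannot be judged from here.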
@@ -351,7 +351,7 @@
} else {
//comment is from anonymous user
if (isset($A['name'])) {
- $A['username'] = $A['name'];
+ $A['username'] = strip_tags($A['name']);
}
$template->set_var( 'author', $A['username'] );
$template->set_var( 'author_fullname', $A['username'] );
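Review bot: In this `else` branch `$A['username']` is only filtered when `$A['name']` is set; when it is not, the raw `$A['username']` flows into both `author` and `author_fullname` (`$template->set_var( 'author', $A['username'] );` and the line below) with no `strip_tags()` at all, whereas `author_name` in the earlier hunk is stripped unconditionally. If the uid-1 `username` value can ever carry user-supplied text (not visible here), that path remains exposed. Stripping is also the weaker fix because it leaves quotes intact, so `$template->set_var('author', htmlspecialchars($A['username'], ENT_QUOTES));` (and the same for `author_fullname`) is the form that holds in attribute contexts. The enclosing function starts and ends outside this hunk.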
@@ -1060,12 +1060,13 @@
}
$comment = addslashes(CMT_prepareText($comment, $postmode));
- $title = addslashes(COM_checkWords (strip_tags ($title)));
- if (isset($_POST['username']) && strcmp($_POST['username'],$LANG03[24]) != 0
- && $uid == 1 ) {
- $name = COM_checkWords(strip_tags(addslashes($_POST['username'])));
+ $title = addslashes(COM_checkWords(strip_tags($title)));
+ if (isset($_POST['username']) && strcmp($_POST['username'],$LANG03[24]) != 0
+ && $uid == 1) {
+ $name = COM_checkWords(strip_tags(COM_stripslashes($_POST['username'])));
setcookie('anon-name', $name);
- }
+ $name = addslashes($name);
+ }
// check for non-int pid's
// this should just create a top level comment that is a reply to the original item
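Review bot: `$name = addslashes($name);` is hand-rolled SQL escaping: `addslashes()` is charset-agnostic and is known to be bypassable under multibyte connection charsets (e.g. GBK/SJIS with a `0xbf 0x27` sequence), and it runs only inside the `if`, so if `$name` is assigned anywhere else in this function (which begins and continues outside the hunk) that value reaches the query unescaped. Prefer escaping through the database layer (the driver's real-escape function or a prepared statement) where the INSERT is built rather than per variable here. Separately, `strip_tags()` on `$_POST['username']` before `setcookie('anon-name', $name)` and storage is lossy input filtering that does not remove `"`, `'` or `&`, so output-side `htmlspecialchars()` is still needed wherever the stored name is rendered. The unconditional `setcookie()` call sets no path or `httponly` arguments, which is acceptable for a prefill hint but worth confirming the cookie value is never trusted server-side.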