SF Bug #2969826 - XSS found in cmd.php

This commit is contained in:
Deon George 2010-03-14 23:48:40 +11:00
parent 7b4d11f1f5
commit 0f782569e9
4 changed files with 4 additions and 4 deletions

View File

@ -466,7 +466,7 @@ $servers->setValue('server','name','My LDAP Server');
/* These attributes will be forced to MAY attributes and become option in the
templates. If they are not defined in the templates, then they wont appear
as per normal template processing. You may want to do this becuase your LDAP
as per normal template processing. You may want to do this because your LDAP
server may automatically calculate a default value.
In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
gidNumber and sambaSID. */

View File

@ -53,7 +53,7 @@ if (trim($www['cmd'])) {
# If this command has been disabled by the config.
if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd'])) {
system_message(array('title'=>_('Command disabled by the server configuration'),
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),$www['cmd']),'type'=>'error'),'index.php');
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),htmlspecialchars($www['cmd'])),'type'=>'error'),'index.php');
$app['script_cmd'] = null;
}

View File

@ -616,7 +616,7 @@ class Datastore {
$index = min($this->GetServerList())->getIndex();
if (! isset($this->objects[$index]))
debug_dump_backtrace("Error: Datastore instance [$index] doesnt exist?",1);
debug_dump_backtrace(sprintf('Error: Datastore instance [%s] doesnt exist?',htmlspecialchars($index)),1);
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED)
debug_log('Returning instance of database (%s)',3,0,__FILE__,__LINE__,__METHOD__,$index);

View File

@ -612,7 +612,7 @@ function error($msg,$type='note',$redirect=null,$fatal=false,$backtrace=false) {
_('Function'),$line['function']);
if (isset($line['args'])) {
$display = strlen(serialize($line['args'])) < 50 ? serialize($line['args']) : substr(serialize($line['args']),0,50).'...<TRUNCATED>';
$display = strlen(serialize($line['args'])) < 50 ? htmlspecialchars(serialize($line['args'])) : htmlspecialchars(substr(serialize($line['args']),0,50)).'...<TRUNCATED>';
$_SESSION['backtrace'][$error]['args'] = $line['args'];
if (file_exists(LIBDIR.'../tools/unserialize.php'))
$body .= sprintf('&nbsp;(<a href="%s?index=%s" target="backtrace">%s</a>)',