deon/phpldapadmin
1
0
Fork 0
Code Issues 36 Pull Requests Packages Projects Releases Wiki Activity

SF Bug #2969826 - XSS found in cmd.php

Browse Source
This commit is contained in:
Deon George 2010-03-14 23:48:40 +11:00
parent 7b4d11f1f5
commit 0f782569e9
4 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/config.php.example
View File

@ -466,7 +466,7 @@ $servers->setValue('server','name','My LDAP Server');
/* These attributes will be forced to MAY attributes and become option in the
templates. If they are not defined in the templates, then they wont appear
as per normal template processing. You may want to do this becuase your LDAP
as per normal template processing. You may want to do this because your LDAP
server may automatically calculate a default value.
In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
gidNumber and sambaSID. */

2
htdocs/cmd.php
View File

@ -53,7 +53,7 @@ if (trim($www['cmd'])) {
# If this command has been disabled by the config.
if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd'])) {
system_message(array('title'=>_('Command disabled by the server configuration'),
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),$www['cmd']),'type'=>'error'),'index.php');
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),htmlspecialchars($www['cmd'])),'type'=>'error'),'index.php');
$app['script_cmd'] = null;
}

2
lib/ds.php
View File

@ -616,7 +616,7 @@ class Datastore {
$index = min($this->GetServerList())->getIndex();
if (! isset($this->objects[$index]))
debug_dump_backtrace("Error: Datastore instance [$index] doesnt exist?",1);
debug_dump_backtrace(sprintf('Error: Datastore instance [%s] doesnt exist?',htmlspecialchars($index)),1);
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED)
debug_log('Returning instance of database (%s)',3,0,__FILE__,__LINE__,__METHOD__,$index);

2
lib/functions.php
View File

@ -612,7 +612,7 @@ function error($msg,$type='note',$redirect=null,$fatal=false,$backtrace=false) {
_('Function'),$line['function']);
if (isset($line['args'])) {
$display = strlen(serialize($line['args'])) < 50 ? serialize($line['args']) : substr(serialize($line['args']),0,50).'...<TRUNCATED>';
$display = strlen(serialize($line['args'])) < 50 ? htmlspecialchars(serialize($line['args'])) : htmlspecialchars(substr(serialize($line['args']),0,50)).'...<TRUNCATED>';
$_SESSION['backtrace'][$error]['args'] = $line['args'];
if (file_exists(LIBDIR.'../tools/unserialize.php'))
$body .= sprintf('&nbsp;(<a href="%s?index=%s" target="backtrace">%s</a>)',