SF Bug #2969826 - XSS found in cmd.php
This commit is contained in:
parent
7b4d11f1f5
commit
0f782569e9
@ -466,7 +466,7 @@ $servers->setValue('server','name','My LDAP Server');
|
||||
|
||||
/* These attributes will be forced to MAY attributes and become option in the
|
||||
templates. If they are not defined in the templates, then they wont appear
|
||||
as per normal template processing. You may want to do this becuase your LDAP
|
||||
as per normal template processing. You may want to do this because your LDAP
|
||||
server may automatically calculate a default value.
|
||||
In Fedora Directory Server using the DNA Plugin one could ignore uidNumber,
|
||||
gidNumber and sambaSID. */
|
||||
|
@ -53,7 +53,7 @@ if (trim($www['cmd'])) {
|
||||
# If this command has been disabled by the config.
|
||||
if (! $_SESSION[APPCONFIG]->isCommandAvailable('script',$www['cmd'])) {
|
||||
system_message(array('title'=>_('Command disabled by the server configuration'),
|
||||
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),$www['cmd']),'type'=>'error'),'index.php');
|
||||
_('Error'),'body'=>sprintf('%s: <b>%s</b>.',_('The command could not be run'),htmlspecialchars($www['cmd'])),'type'=>'error'),'index.php');
|
||||
|
||||
$app['script_cmd'] = null;
|
||||
}
|
||||
|
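Review bot: The new `htmlspecialchars($www['cmd'])` on the body line relies on the default flags and charset, which vary with the PHP version (ENT_COMPAT, and ISO-8859-1 before 5.4), so what gets escaped depends on the runtime rather than on the code; passing them explicitly, `htmlspecialchars($www['cmd'], ENT_QUOTES, 'UTF-8')`, pins the behaviour. The escape is applied only at this one call site, so any other place cmd.php renders `$www['cmd']` still needs the same treatment; escaping inside system_message at the point the body is written out, if that function emits it as HTML (not visible here), would cover every caller. The enclosing `if (trim($www['cmd']))` block begins before the hunk.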
@ -616,7 +616,7 @@ class Datastore {
|
||||
$index = min($this->GetServerList())->getIndex();
|
||||
|
||||
if (! isset($this->objects[$index]))
|
||||
debug_dump_backtrace("Error: Datastore instance [$index] doesnt exist?",1);
|
||||
debug_dump_backtrace(sprintf('Error: Datastore instance [%s] doesnt exist?',htmlspecialchars($index)),1);
|
||||
|
||||
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED)
|
||||
debug_log('Returning instance of database (%s)',3,0,__FILE__,__LINE__,__METHOD__,$index);
|
||||
|
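Review bot: The escaping covers only this debug_dump_backtrace message, while the same `$index` is passed unescaped to debug_log two lines later; if debug_log output can also reach the browser, as the commit title implies the backtrace can, that call needs the same treatment, and escaping inside debug_dump_backtrace itself would protect all callers instead of one message. Note that `$index` here comes from `min($this->GetServerList())->getIndex()` rather than straight from the request, so how far it is attacker-influenced depends on code outside the hunk. The enclosing method starts and ends outside the hunk.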
@ -612,7 +612,7 @@ function error($msg,$type='note',$redirect=null,$fatal=false,$backtrace=false) {
|
||||
_('Function'),$line['function']);
|
||||
|
||||
if (isset($line['args'])) {
|
||||
$display = strlen(serialize($line['args'])) < 50 ? serialize($line['args']) : substr(serialize($line['args']),0,50).'...<TRUNCATED>';
|
||||
$display = strlen(serialize($line['args'])) < 50 ? htmlspecialchars(serialize($line['args'])) : htmlspecialchars(substr(serialize($line['args']),0,50)).'...<TRUNCATED>';
|
||||
$_SESSION['backtrace'][$error]['args'] = $line['args'];
|
||||
if (file_exists(LIBDIR.'../tools/unserialize.php'))
|
||||
$body .= sprintf(' (<a href="%s?index=%s" target="backtrace">%s</a>)',
|
||||
|
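Review bot: The new `$display` line calls serialize($line['args']) three times and applies htmlspecialchars() after substr() has cut the serialized string at byte 50; if the page charset is UTF-8 that cut can split a multibyte character, and from PHP 5.4 on htmlspecialchars() returns an empty string for invalid UTF-8 unless ENT_SUBSTITUTE is in the flags (default only since PHP 8.1), so the escaped part of the truncated display silently vanishes. Serializing once, `$serialized = serialize($line['args']);`, and escaping the possibly truncated string with explicit flags, `htmlspecialchars($serialized, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, addresses both; if the target PHP predates ENT_SUBSTITUTE, the single serialize() call is still worth keeping. The function error() starts before the hunk and continues after it.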