deon/phpldapadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

SF Bug #2969826 - XSS found in cmd.php

Browse Source
This commit is contained in:
Deon George
2010-03-14 23:48:40 +11:00
parent 7b4d11f1f5
commit 0f782569e9
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/ds.php
View File

@@ -616,7 +616,7 @@ class Datastore {
$index = min($this->GetServerList())->getIndex();
if (! isset($this->objects[$index]))
debug_dump_backtrace("Error: Datastore instance [$index] doesnt exist?",1);
debug_dump_backtrace(sprintf('Error: Datastore instance [%s] doesnt exist?',htmlspecialchars($index)),1);
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED)
debug_log('Returning instance of database (%s)',3,0,__FILE__,__LINE__,__METHOD__,$index);

2
lib/functions.php
View File

@@ -612,7 +612,7 @@ function error($msg,$type='note',$redirect=null,$fatal=false,$backtrace=false) {
_('Function'),$line['function']);
if (isset($line['args'])) {
$display = strlen(serialize($line['args'])) < 50 ? serialize($line['args']) : substr(serialize($line['args']),0,50).'...<TRUNCATED>';
$display = strlen(serialize($line['args'])) < 50 ? htmlspecialchars(serialize($line['args'])) : htmlspecialchars(substr(serialize($line['args']),0,50)).'...<TRUNCATED>';
$_SESSION['backtrace'][$error]['args'] = $line['args'];
if (file_exists(LIBDIR.'../tools/unserialize.php'))
$body .= sprintf('&nbsp;(<a href="%s?index=%s" target="backtrace">%s</a>)',