Fix XSS problem in admin area
parent
50bd82e223
commit
5f12b18e5c
4 changed files with 3 additions and 9 deletions
|
@ -2,7 +2,6 @@
|
|||
|
||||
if(isset($_POST['domain'])){
|
||||
$domain = $db->escape_string($_POST['domain']);
|
||||
$domain = strip_tags($domain);
|
||||
$domain = strtolower($domain);
|
||||
|
||||
if($domain !== ""){
|
||||
|
|
|
@ -6,10 +6,8 @@
|
|||
$id = $db->escape_string($_POST['id']);
|
||||
|
||||
$source = $db->escape_string($_POST['source']);
|
||||
$source = strip_tags($source);
|
||||
$source = strtolower($source);
|
||||
$destination = $db->escape_string($_POST['destination']);
|
||||
$destination = strip_tags($destination);
|
||||
$destination = strtolower($destination);
|
||||
|
||||
if($source !== "" && $destination !== ""){
|
||||
|
@ -31,10 +29,8 @@
|
|||
|
||||
else if($savemode === "create"){
|
||||
$source = $db->escape_string($_POST['source']);
|
||||
$source = strip_tags($source);
|
||||
$source = strtolower($source);
|
||||
$destination = $db->escape_string($_POST['destination']);
|
||||
$destination = strip_tags($destination);
|
||||
$destination = strtolower($destination);
|
||||
|
||||
if($source !== "" && $destination !== ""){
|
||||
|
@ -96,11 +92,11 @@ Here you can edit a redirect.
|
|||
|
||||
<tr>
|
||||
<td>
|
||||
<input type="text" name="source" class="textinput" placeholder="Source (single address)" required="required" value="<?php if(isset($source)){echo $source;}?>" autofocus/>
|
||||
<input type="text" name="source" class="textinput" placeholder="Source (single address)" required="required" value="<?php if(isset($source)){echo strip_tags($source);}?>" autofocus/>
|
||||
</td>
|
||||
|
||||
<td>
|
||||
<textarea name="destination" class="textinput" placeholder="Destination (multiple addresses separated by comma possible)" required="required"><?php if(isset($destination)){echo $destination;} ?></textarea>
|
||||
<textarea name="destination" class="textinput" placeholder="Destination (multiple addresses separated by comma possible)" required="required"><?php if(isset($destination)){echo strip_tags($destination);} ?></textarea>
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
|
|
|
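Review bot: `strip_tags()` is not an output encoder, and in the `value="…"` attribute of the `source` input it leaves double quotes untouched, so a stored value containing a quote can still close the attribute and add further attributes to the tag. Both echoes in this hunk should encode for the HTML context instead, e.g. `echo htmlspecialchars($source, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and the same for `$destination` inside the `<textarea>`. The two earlier hunks in this file show no tag stripping on `$source`/`$destination` before they are saved, so any other page that prints these columns (none is visible here) needs the same encoding. The echoed variables also hold the `$db->escape_string()` result, so the form would presumably show SQL-escaping backslashes; keeping the raw POST value for display and the escaped copy for the query would separate the two concerns.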
@ -61,7 +61,6 @@
|
|||
else if($savemode === "create"){
|
||||
// Create mode entered
|
||||
$username = $db->escape_string($_POST['username']);
|
||||
$username = strtolower($username);
|
||||
$domain = $db->escape_string($_POST['domain']);
|
||||
if(defined('DBC_USERS_MAILBOXLIMIT')){
|
||||
$mailbox_limit = $db->escape_string($_POST['mailbox_limit']);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?php
|
||||
/*
|
||||
* #################### This is WebMUM Version 0.1.8 ######################
|
||||
* #################### This is WebMUM Version 0.1.9 ######################
|
||||
*
|
||||
* Project on GitHub: https://github.com/ThomasLeister/webmum
|
||||
* Author's Blog: https://thomas-leister.de
|
||||
|
|