Jeremy Newman : fix possible XSS attack vector
Jeremy Newman
jnewman at winehq.org
Wed Jun 8 13:34:21 CDT 2016
Module: website
Branch: master
Commit: dfec0f52db8f557b00d2304a09079c3d08a26a4f
URL: http://source.winehq.org/git/website.git/?a=commit;h=dfec0f52db8f557b00d2304a09079c3d08a26a4f
Author: Jeremy Newman <jnewman at codeweavers.com>
Date: Wed Jun 8 13:33:58 2016 -0500
fix possible XSS attack vector
---
site.php | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/site.php b/site.php
index 29c5159..e108f77 100644
--- a/site.php
+++ b/site.php
@@ -77,7 +77,7 @@ if (isset($_SERVER['PATH_INFO']))
}
// clean page path
- $page = $html->clean_input($page);
+ $page = $html->clean_input($page, true);
// template PAGE path verification
if (preg_match('%^global/%', $page))
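Review bot: The bare `true` passed to `clean_input` on the added line does not say what stricter behaviour it switches on, and the method is defined outside this diff, so a reader cannot tell what the XSS fix relies on here. Extend the comment above the call, for example `// clean page path; second argument enables <describe mode> (see clean_input)`, filling in the actual mode. The enclosing `if (isset($_SERVER['PATH_INFO']))` block starts and ends outside the hunk.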
@@ -87,11 +87,16 @@ if (isset($_SERVER['PATH_INFO']))
$html->in404 = 1;
define("PAGE", '404');
}
- else
+ else if (preg_match('/[a-z0-9_-]/i', $page))
{
// good path
define("PAGE", $page);
}
+ else
+ {
+ // unknown
+ define("PAGE", '404');
+ }
unset($page, $dirs, $good_dirs);
}
else
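Review bot: The new `preg_match('/[a-z0-9_-]/i', $page)` guard is unanchored, so it accepts any `$page` that contains at least one allowed character, whatever else the string holds; the added `else` branch that defines PAGE as '404' is reached only when no allowed character is present at all. Anchor the pattern to the whole value, for example `else if (preg_match('%^[a-z0-9_/-]+\z%i', $page))`; the `/` is included on the assumption that nested paths like the `global/` prefix tested earlier are valid page names, so drop it if they are not. If PAGE is later written into HTML (not visible in this diff), it should still be escaped at the point of output rather than relying on this check alone. The enclosing `if (isset($_SERVER['PATH_INFO']))` block starts outside the hunk.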