project-open / intranet-filestorage
Commit 7d0d64d0 authored May 23, 2011 by Frank Bergmann
- Filestorage: Fixed XSS issue
parent 4ca02d87
Showing 1 changed file with 11 additions and 0 deletions
tcl/intranet-filestorage-procs.tcl
...
...
@@ -1102,6 +1102,17 @@ ad_proc export_url_bind_vars { bind_vars } {
set vars
""
set ctr 0
foreach var
[
ad_ns_set_keys
$bind
_vars
]
{
# Security check for cross site scripting
if
{
!
[
regexp
{
^
[
a-zA-Z0-9_
\-
]
*$
}
$var
]}
{
im_security_alert
\
-location export_url_bind_vars
\
-message
"Invalid URL var characters"
\
-value
[
ns_quotehtml
$var
]
# Quote the harmful vars
regsub -all
{[
^a-zA-Z0-9_
\-
]}
$var
"_"
var
}
set value
[
ns_set get
$bind
_vars
$var
]
if
{
$ctr
> 0
}
{
append vars
"&"
}
append vars
"
$var
=
[
ns_urlencode
$value
]
"
...
...
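Review bot: the sanitization `regsub -all {[^a-zA-Z0-9_\-]} $var "_" var` rewrites the key name in place, but the statement that follows, `set value [ns_set get $bind_vars $var]`, looks up the value under that rewritten name, which does not exist in the set, so every variable that fails the whitelist is exported with an empty value. Either read the value under the original key before the regsub (move `set value [ns_set get $bind_vars $var]` ahead of the `if`, then rewrite `var`), or drop the variable from the export with `continue` once its name has failed the check, which is the safer option since the name is the only part of the pair that is not already passed through `ns_urlencode`. Minor: the comment "Quote the harmful vars" describes a replacement, not quoting, and `^[a-zA-Z0-9_\-]*$` also accepts an empty name; `+` instead of `*` would reject it.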