chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Security issue: adding security::remove_XSS function

Browse Source
skala
Julio Montoya 16 years ago
parent b3fd846c42
commit 0886cc9724
1 changed files with 1 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      index.php

2
index.php
Unescape View File

@ -776,7 +776,7 @@ function display_anonymous_course_list() {
// 2
if ($user_identified && !key_exists($course['code'], $courses_of_user)) {
if ($course['subscribe'] == '1') {
$courses_list_string .= '<form action="main/auth/courses.php?action=subscribe&category='.$_GET['category'].'" method="post">';
$courses_list_string .= '<form action="main/auth/courses.php?action=subscribe&category='.Security::remove_XSS($_GET['category']).'" method="post">';
$courses_list_string .= '<input type="hidden" name="sec_token" value="'.$stok.'">';
$courses_list_string .= '<input type="hidden" name="subscribe" value="'.$course['code'].'" />';
$courses_list_string .= '<input type="image" name="unsub" src="main/img/enroll.gif" alt="'.get_lang('Subscribe').'" />'.get_lang('Subscribe').'</form>';

Write Preview
Loading…
Cancel
Save