chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r21105] Fixed vulnerable get parameter: action - partial FS#4261

Browse Source
skala
Cristian Fasanando 17 years ago
parent 844b620393
commit 0e4227493e
2 changed files with 3 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      main/inc/lib/fckeditor/editor/plugins/ImageManager/Classes/ImageEditor.php
  2. 2
      main/inc/lib/fckeditor/editor/plugins/ImageManager/editorFrame.php

4
main/inc/lib/fckeditor/editor/plugins/ImageManager/Classes/ImageEditor.php
Unescape View File

@ -429,8 +429,8 @@ class ImageEditor
function getAction() function getAction()
{ {
$action = null; $action = null;
if(isset($_GET['action'])) if(isset($_GET['action']))
$action = $_GET['action']; $action = str_replace('"','',$_GET['action']);
Return $action; Return $action;
} }

2
main/inc/lib/fckeditor/editor/plugins/ImageManager/editorFrame.php
Unescape View File

@ -49,7 +49,7 @@
<script type="text/javascript"> <script type="text/javascript">
// <![CDATA[ // <![CDATA[
var processedAction = "<?php echo (isset($_GET['action']) ? $_GET['action'] : ''); ?>"; var processedAction = "<?php echo (isset($_GET['action']) ? str_replace('"','',$_GET['action']) : ''); ?>";
if (processedAction == 'replace' && parent.old) if (processedAction == 'replace' && parent.old)
{ {

Write Preview
Loading…
Cancel
Save