chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r11543] Added api_get_self() which returns an escaped version of $_SERVER['PHP_SELF'] which itself ISN'T SAFE (open to XSS)!

Browse Source
skala
Yannick Warnier 19 years ago
parent f0746f7839
commit 66f870398e
1 changed files with 9 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 9
      main/inc/lib/main_api.lib.php

9
main/inc/lib/main_api.lib.php
Unescape View File

@ -914,6 +914,15 @@ function api_get_setting($variable, $key = NULL)
return is_null($key) ? $_setting[$variable] : $_setting[$variable][$key];
}
/**
* Returns an escaped version of $_SERVER['PHP_SELF'] to avoid XSS injection
* @return string Escaped version of $_SERVER['PHP_SELF']
*/
function api_get_self()
{
return htmlentities($_SERVER['PHP_SELF']);
}
/*
==============================================================================
LANGUAGE SUPPORT

Write Preview
Loading…
Cancel
Save