chamilo
/
chamilo-lms
mirror of https://github.com/chamilo/chamilo-lms/tree/1.11.x
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[svn r12210] Moved filtering of PHP_SELF to avoid injection in GLOBALS

Browse Source
skala
Yannick Warnier 19 years ago
parent cd3d3b6a66
commit ce20dec32d
1 changed files with 2 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      main/inc/global.inc.php

5
main/inc/global.inc.php
Unescape View File

@ -161,6 +161,8 @@ if (!$x=strpos($_SERVER['PHP_SELF'],'whoisonline.php'))
// preventing XSS injections on all scripts at once
$_SERVER['PHP_SELF'] = api_get_self();
if(get_setting('server_type') == 'test')
{
@ -406,7 +408,4 @@ if(mysql_num_rows($q_last_connection) > 0)
$s_sql_update_logout_date="UPDATE $tbl_track_login SET logout_date=NOW() WHERE login_id='$i_id_last_connection'";
api_sql_query($s_sql_update_logout_date);
}
// preventing XSS injections on all scripts at once
$_SERVER['PHP_SELF'] = api_get_self();
?>
Write Preview
Loading…
Cancel
Save