XSS with IE <= 8.x (semicolon and attachment headers
@@ -111,7 +111,7 @@ if (isset($_REQUEST['report_export']) && $_REQUEST['export_type'] == 'sqldumpfil
|
|||||||
foreach($entries as $entry) {
|
foreach($entries as $entry) {
|
||||||
$dump .= $entry['statement'];
|
$dump .= $entry['statement'];
|
||||||
}
|
}
|
||||||
$filename = 'log_' . htmlspecialchars($_REQUEST['table']) . '.sql';
|
$filename = 'log_' . str_replace(';', '', htmlspecialchars($_REQUEST['table'])) . '.sql';
|
||||||
header('Content-Type: text/x-sql');
|
header('Content-Type: text/x-sql');
|
||||||
header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
|
||||||
header('Content-Disposition: attachment; filename="' . $filename . '"');
|
header('Content-Disposition: attachment; filename="' . $filename . '"');
|
||||||
|
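Review bot: The new `$filename` line still builds a header parameter from `htmlspecialchars()` output with a single character denied, which is HTML encoding applied in an HTTP-header context. Entities such as `&quot;` lose their semicolon and land in the download name as `&quot`, and every other character a browser may treat specially in `Content-Disposition` passes through unchanged. An allowlist fits this context better, for example `$filename = 'log_' . preg_replace('/[^A-Za-z0-9_.-]/', '_', $_REQUEST['table']) . '.sql';`, with the caveat that table names using other characters would be rewritten in the download name. Since the commit targets content handling in old IE, adding `header('X-Content-Type-Options: nosniff');` next to the `Content-Type` line is also worth considering. The enclosing `if` block starts and ends outside the hunk, so any earlier validation of `$_REQUEST['table']` is not visible here.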