Force pos to be integer to avoid XSS.

This commit is contained in:
Michal Čihař
2006-11-17 08:47:26 +00:00
parent 1042770109
commit 6c06cb72d2
24 changed files with 166 additions and 189 deletions


@@ -14,7 +14,8 @@ require_once('./libraries/sanitizing.lib.php');
/* Get variables */
$lang = isset( $_REQUEST['lang'] ) ? htmlspecialchars($_REQUEST['lang']) : 'en';
$dir = isset( $_REQUEST['dir'] ) ? htmlspecialchars($_REQUEST['dir']) : 'ltr';
$charset = isset( $_REQUEST['charset'] ) ? htmlspecialchars($_REQUEST['charset']) : 'utf-8';
// force utf-8 to avoid XSS with crafted URL and utf-7 in charset parameter
$charset = 'utf-8';
$type = isset( $_REQUEST['type'] ) ? htmlspecialchars($_REQUEST['type']) : 'error';
header('Content-Type: text/html; charset=' . $charset);
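Review bot: The `$charset = isset( $_REQUEST['charset'] ) ? htmlspecialchars(...) : 'utf-8';` line is dead on the new side: the forced `$charset = 'utf-8';` two lines later overwrites it unconditionally, so the request value is read and escaped for nothing and a reader may assume it still influences the header. Drop the request-derived assignment and keep only the forced one, e.g. `// charset is fixed to utf-8: a crafted utf-7 charset would let encoded markup bypass htmlspecialchars()` followed by `$charset = 'utf-8';`. For `$dir` and `$type`, which appear to take a small fixed set of values, an allow-list is stricter than escaping, e.g. `$dir = (isset($_REQUEST['dir']) && $_REQUEST['dir'] === 'rtl') ? 'rtl' : 'ltr';`. Note also that `htmlspecialchars()` with default flags leaves single quotes unescaped, so if `$lang`/`$dir`/`$type` are later emitted inside single-quoted attributes (not visible in this hunk), pass `ENT_QUOTES`; how these values are used lies outside the hunk.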