[Mapbender-commits] r10072 - trunk/mapbender/http/php
svn_mapbender at osgeo.org
Thu Mar 7 12:03:07 PST 2019
Author: armin11
Date: 2019-03-07 12:03:07 -0800 (Thu, 07 Mar 2019)
New Revision: 10072
Modified:
trunk/mapbender/http/php/mod_showMetadata.php
Log:
Quick and dirty fix for https://www.openbugbounty.org/reports/763070/
Modified: trunk/mapbender/http/php/mod_showMetadata.php
===================================================================
--- trunk/mapbender/http/php/mod_showMetadata.php 2019-03-07 17:27:27 UTC (rev 10071)
+++ trunk/mapbender/http/php/mod_showMetadata.php 2019-03-07 20:03:07 UTC (rev 10072)
@@ -27,6 +27,11 @@
require_once dirname(__FILE__) . "/../../tools/wms_extent/extent_service.conf";
require_once dirname(__FILE__) . "/../extensions/phpqrcode/phpqrcode.php";
+if (strpos($_SERVER['PHP_SELF'],'<script>') !== false ) {
+ echo "Invested a XSS attack - script stopped executing!";
+ die();
+}
+
//GET:
//resource: wms, layer, wfs, featuretype, wfs-conf, wmc
//id: integer
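Review bot: The added guard is a substring denylist on one literal token (`strpos($_SERVER['PHP_SELF'],'<script>')`), so it only rejects that exact spelling and leaves the root cause of the reflected XSS from the linked openbugbounty report untouched. Suggest fixing it at the output point instead: pass `$_SERVER['PHP_SELF']` through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` wherever it is written into HTML, or use a value the client does not control such as `basename($_SERVER['SCRIPT_NAME'])`, and keep this early exit only as defence in depth. Two smaller points on the new lines: the text `Invested a XSS attack` reads like a typo for `Detected an XSS attack`, and `echo ...; die();` answers with HTTP 200, so consider `http_response_code(400);` before `die();` so the rejection is distinguishable in access logs.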