[Mapbender-commits] r10078 - trunk/mapbender/core
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Tue Mar 19 01:21:51 PDT 2019
Author: armin11
Date: 2019-03-19 01:21:51 -0700 (Tue, 19 Mar 2019)
New Revision: 10078
Modified:
trunk/mapbender/core/httpRequestSecurity.php
Log:
Don't give back the script name ;-)
Modified: trunk/mapbender/core/httpRequestSecurity.php
===================================================================
--- trunk/mapbender/core/httpRequestSecurity.php 2019-03-19 08:19:53 UTC (rev 10077)
+++ trunk/mapbender/core/httpRequestSecurity.php 2019-03-19 08:21:51 UTC (rev 10078)
@@ -2,7 +2,7 @@
//some security tests for mapbender php scripts to prevent xss attacks
//TBD - extend them ;-)
if (strpos($_SERVER['PHP_SELF'],'<script>') !== false ) {
- echo "Mapbender invested a XSS attack to $phpScriptName - script stopped executing!";
+ echo "Mapbender invested a XSS attack - script stopped executing!";
die();
}
//parse url
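Review bot: The guard `strpos($_SERVER['PHP_SELF'],'<script>') !== false` matches only that exact lowercase tag, so a request path carrying other markup, or the same tag in a different case, is not stopped by this branch. PHP_SELF includes client-supplied path info, so rejecting the characters rather than one tag is the safer test, for example `if (preg_match('/[<>"\']/', $_SERVER['PHP_SELF'])) {`. Any script that later prints the value should still pass it through `htmlspecialchars()`. Whether other scripts echo PHP_SELF is not visible from this hunk, and the file continues past it.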
@@ -16,7 +16,7 @@
//echo $phpScriptName."<br>";
//echo json_encode(endsWith($_SERVER['PHP_SELF'], $phpScriptName))."<br>";
if (!endsWith($_SERVER['PHP_SELF'], $phpScriptName)) {
- echo "Mapbender invested a XSS attack to $phpScriptName - script stopped executing!";
+ echo "Mapbender invested a XSS attack - script stopped executing!";
die();
}
#https://stackoverflow.com/questions/834303/startswith-and-endswith-functions-in-php
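Review bot: Both rejection branches (this one and the one in the first hunk) answer with the default 200 status and leave no server-side record, so after this change nobody can tell which request was refused. Adding `http_response_code(400);` and `error_log('httpRequestSecurity: rejected PHP_SELF ' . json_encode($_SERVER['PHP_SELF']));` before the `echo` keeps the detail out of the response while preserving it for operators; `json_encode` keeps line breaks in the path from splitting the log entry. The message text "invested a XSS attack" presumably means "detected an XSS attack". How `$phpScriptName` is derived lies outside the hunk, so the strength of the `endsWith` comparison cannot be judged from here.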