[mapguide-commits] r9960 - branches/3.1/MgDev/Web/src/mapadmin

svn_mapguide at osgeo.org svn_mapguide at osgeo.org
Tue Aug 23 16:17:32 PDT 2022


Author: jng
Date: 2022-08-23 16:17:31 -0700 (Tue, 23 Aug 2022)
New Revision: 9960

Modified:
   branches/3.1/MgDev/Web/src/mapadmin/editunmanageddata.php
   branches/3.1/MgDev/Web/src/mapadmin/makepackage.php
   branches/3.1/MgDev/Web/src/mapadmin/packagemanagement.php
   branches/3.1/MgDev/Web/src/mapadmin/resizablepagecomponents.php
Log:
XSS security fix for site administrator

Modified: branches/3.1/MgDev/Web/src/mapadmin/editunmanageddata.php
===================================================================
--- branches/3.1/MgDev/Web/src/mapadmin/editunmanageddata.php	2022-08-23 23:16:52 UTC (rev 9959)
+++ branches/3.1/MgDev/Web/src/mapadmin/editunmanageddata.php	2022-08-23 23:17:31 UTC (rev 9960)
@@ -80,8 +80,8 @@
         $selectedMapping = $_GET[ $selectedMappingID ];
 
         // Get info for selected user
-        $mappingName = $selectedMapping;
-        $location = $mappings[ $mappingName ];
+        $mappingName = htmlspecialchars($selectedMapping);
+        $location = htmlspecialchars($mappings[ $mappingName ]);
 
         $serverAdmin->Close();
     }
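Review bot: The lookup `$mappings[ $mappingName ]` on the second added line now indexes with the HTML-escaped name, so a mapping whose name contains `&`, `<`, `>` or `"` will no longer find its entry and `$location` ends up empty, with an undefined-index notice. Index with the raw value and escape only what is displayed: `$location = htmlspecialchars($mappings[ $selectedMapping ]);`. The enclosing block starts and ends outside the hunk, so whether `$mappingName` is reused later as an array key or in a server call is not visible here.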
@@ -90,9 +90,9 @@
     {
         // Get submitted data
         if ( array_key_exists( $mappingNameID, $_POST ) )
-            $mappingName = $_POST[ $mappingNameID ];
+            $mappingName = htmlspecialchars($_POST[ $mappingNameID ]);
         if ( array_key_exists( $locationID, $_POST ) )
-            $location = $_POST[ $locationID ];
+            $location = htmlspecialchars($_POST[ $locationID ]);
 
         // Validate inputs.
         if ( empty( $mappingName ) )
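Review bot: Escaping `$mappingName` and `$location` at the point they are read from `$_POST` means the validation that follows, and presumably the later save, operate on HTML-encoded text rather than what the administrator typed; a location containing `&` (constructed example: `D:\data\R&D`) would be handled as `D:\data\R&amp;D`. The same input-time escaping is used in the makepackage.php and packagemanagement.php hunks, where `$folderName` and `$packageName` look like identifiers that are passed on to server calls. Keeping the raw value in the variable and calling `htmlspecialchars()` where the value is echoed into the page ties the encoding to the output context and avoids double-encoded or corrupted stored data. The code that consumes these variables is outside the hunk, so this should be confirmed against the rest of each file.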

Modified: branches/3.1/MgDev/Web/src/mapadmin/makepackage.php
===================================================================
--- branches/3.1/MgDev/Web/src/mapadmin/makepackage.php	2022-08-23 23:16:52 UTC (rev 9959)
+++ branches/3.1/MgDev/Web/src/mapadmin/makepackage.php	2022-08-23 23:17:31 UTC (rev 9960)
@@ -85,9 +85,9 @@
     else
     {
         if ( array_key_exists( $folderNameID, $_GET ) )
-            $folderName = $_GET[ $folderNameID ];
+            $folderName = htmlspecialchars($_GET[ $folderNameID ]);
         if ( array_key_exists( $packageNameID, $_GET ) )
-            $packageName = $_GET[ $packageNameID ];
+            $packageName = htmlspecialchars($_GET[ $packageNameID ]);
 
         if ( empty( $folderName ) )
             throw new Exception( $errNoResourceSpecified );
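Review bot: Both added `htmlspecialchars()` calls rely on the default flags, which before PHP 8.1 are `ENT_COMPAT | ENT_HTML401` and leave single quotes unescaped, so the fix is incomplete if `$folderName` or `$packageName` is written into a single-quoted attribute or an inline script string. Passing the flags and charset explicitly removes the dependency on the runtime version: `htmlspecialchars($_GET[ $folderNameID ], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same applies to every call added in this revision (editunmanageddata.php, packagemanagement.php, resizablepagecomponents.php). Where these values are emitted is outside the hunk, so the output contexts should be checked.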

Modified: branches/3.1/MgDev/Web/src/mapadmin/packagemanagement.php
===================================================================
--- branches/3.1/MgDev/Web/src/mapadmin/packagemanagement.php	2022-08-23 23:16:52 UTC (rev 9959)
+++ branches/3.1/MgDev/Web/src/mapadmin/packagemanagement.php	2022-08-23 23:17:31 UTC (rev 9960)
@@ -100,9 +100,9 @@
         try
         {
             if ( array_key_exists( $folderNameID, $_POST ) )
-                $folderName = $_POST[ $folderNameID ];
+                $folderName = htmlspecialchars($_POST[ $folderNameID ]);
             if ( array_key_exists( $packageNameID, $_POST ) )
-                $packageName = $_POST[ $packageNameID ];
+                $packageName = htmlspecialchars($_POST[ $packageNameID ]);
 
             if ( empty( $folderName ) )
                 throw new Exception( $errNoResourceSpecified );

Modified: branches/3.1/MgDev/Web/src/mapadmin/resizablepagecomponents.php
===================================================================
--- branches/3.1/MgDev/Web/src/mapadmin/resizablepagecomponents.php	2022-08-23 23:16:52 UTC (rev 9959)
+++ branches/3.1/MgDev/Web/src/mapadmin/resizablepagecomponents.php	2022-08-23 23:17:31 UTC (rev 9960)
@@ -976,10 +976,10 @@
         global $_POST;
 
         if ( array_key_exists( $selectedLogID, $_GET ) )
-            $selectedLog = $_GET[ $selectedLogID ];
+            $selectedLog = htmlspecialchars($_GET[ $selectedLogID ]);
         else
         if ( array_key_exists( $selectedLogID, $_POST ) )
-            $selectedLog = $_POST[ $selectedLogID ];
+            $selectedLog = htmlspecialchars($_POST[ $selectedLogID ]);
     }
 
     function DisplayEnabledBar( $label, $name, $checked, $enabled, $enableFields )
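Review bot: `htmlspecialchars()` accepts only a string, but `$_GET[ $selectedLogID ]` and `$_POST[ $selectedLogID ]` are arrays when the parameter arrives in bracket form, which raises a TypeError on PHP 8 and a warning with a null result on PHP 7. A type check before escaping keeps the page on its normal error path, for example `if ( array_key_exists( $selectedLogID, $_GET ) && is_string( $_GET[ $selectedLogID ] ) )`. The other hunks in this revision pass request values to `htmlspecialchars()` in the same way. The enclosing function begins outside the hunk.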


