[mapguide-commits] r9962 - sandbox/jng/vanilla_swig/Web/src/mapadmin
svn_mapguide at osgeo.org
svn_mapguide at osgeo.org
Tue Aug 23 16:53:18 PDT 2022
Author: jng
Date: 2022-08-23 16:53:18 -0700 (Tue, 23 Aug 2022)
New Revision: 9962
Modified:
sandbox/jng/vanilla_swig/Web/src/mapadmin/editunmanageddata.php
sandbox/jng/vanilla_swig/Web/src/mapadmin/makepackage.php
sandbox/jng/vanilla_swig/Web/src/mapadmin/packagemanagement.php
sandbox/jng/vanilla_swig/Web/src/mapadmin/resizablepagecomponents.php
Log:
XSS security fix for site administrator
Modified: sandbox/jng/vanilla_swig/Web/src/mapadmin/editunmanageddata.php
===================================================================
--- sandbox/jng/vanilla_swig/Web/src/mapadmin/editunmanageddata.php 2022-08-23 23:18:12 UTC (rev 9961)
+++ sandbox/jng/vanilla_swig/Web/src/mapadmin/editunmanageddata.php 2022-08-23 23:53:18 UTC (rev 9962)
@@ -80,8 +80,8 @@
$selectedMapping = $_GET[ $selectedMappingID ];
// Get info for selected user
- $mappingName = $selectedMapping;
- $location = $mappings[ $mappingName ];
+ $mappingName = htmlspecialchars($selectedMapping);
+ $location = htmlspecialchars($mappings[ $mappingName ]);
$serverAdmin->Close();
}
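Review bot: The second added line now indexes `$mappings` with the already-escaped `$mappingName`, so a mapping whose name contains `&`, `<`, `>` or `"` no longer matches its key; `$location` then comes back empty, with an undefined-index notice. Use the raw value for the lookup and escape only the result: `$location = htmlspecialchars($mappings[ $selectedMapping ]);`. The enclosing block starts above the hunk, so it is not visible whether `$selectedMapping` is checked against `$mappings` beforehand.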
@@ -90,9 +90,9 @@
{
// Get submitted data
if ( array_key_exists( $mappingNameID, $_POST ) )
- $mappingName = $_POST[ $mappingNameID ];
+ $mappingName = htmlspecialchars($_POST[ $mappingNameID ]);
if ( array_key_exists( $locationID, $_POST ) )
- $location = $_POST[ $locationID ];
+ $location = htmlspecialchars($_POST[ $locationID ]);
// Validate inputs.
if ( empty( $mappingName ) )
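Review bot: Escaping `$_POST[ $mappingNameID ]` and `$_POST[ $locationID ]` at read time means the validation below sees the HTML-encoded strings, and presumably so does whatever is saved afterwards. A name or path containing `&` or a quote would then be stored with entities in it and encoded a second time when it is displayed again. Keeping the raw value in `$mappingName` and `$location` and calling `htmlspecialchars()` where each is echoed into the page leaves the stored data intact and still closes the XSS. The same input-time pattern appears in the makepackage.php, packagemanagement.php and resizablepagecomponents.php hunks, where the escaped folder, package and log names are likely used as identifiers as well as display text. The code that consumes these variables is outside the hunk, so this should be confirmed against the save and render paths.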
Modified: sandbox/jng/vanilla_swig/Web/src/mapadmin/makepackage.php
===================================================================
--- sandbox/jng/vanilla_swig/Web/src/mapadmin/makepackage.php 2022-08-23 23:18:12 UTC (rev 9961)
+++ sandbox/jng/vanilla_swig/Web/src/mapadmin/makepackage.php 2022-08-23 23:53:18 UTC (rev 9962)
@@ -85,9 +85,9 @@
else
{
if ( array_key_exists( $folderNameID, $_GET ) )
- $folderName = $_GET[ $folderNameID ];
+ $folderName = htmlspecialchars($_GET[ $folderNameID ]);
if ( array_key_exists( $packageNameID, $_GET ) )
- $packageName = $_GET[ $packageNameID ];
+ $packageName = htmlspecialchars($_GET[ $packageNameID ]);
if ( empty( $folderName ) )
throw new Exception( $errNoResourceSpecified );
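Review bot: The added `htmlspecialchars()` calls rely on the default flags, which before PHP 8.1 leave single quotes unescaped, so on older runtimes a value echoed into a single-quoted attribute would not be fully neutralised. Passing the flags and charset explicitly makes the result independent of the PHP version: `$folderName = htmlspecialchars($_GET[ $folderNameID ], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. This applies to every call added in this commit. How the values are quoted in the generated markup is not visible in these hunks.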
Modified: sandbox/jng/vanilla_swig/Web/src/mapadmin/packagemanagement.php
===================================================================
--- sandbox/jng/vanilla_swig/Web/src/mapadmin/packagemanagement.php 2022-08-23 23:18:12 UTC (rev 9961)
+++ sandbox/jng/vanilla_swig/Web/src/mapadmin/packagemanagement.php 2022-08-23 23:53:18 UTC (rev 9962)
@@ -100,9 +100,9 @@
try
{
if ( array_key_exists( $folderNameID, $_POST ) )
- $folderName = $_POST[ $folderNameID ];
+ $folderName = htmlspecialchars($_POST[ $folderNameID ]);
if ( array_key_exists( $packageNameID, $_POST ) )
- $packageName = $_POST[ $packageNameID ];
+ $packageName = htmlspecialchars($_POST[ $packageNameID ]);
if ( empty( $folderName ) )
throw new Exception( $errNoResourceSpecified );
Modified: sandbox/jng/vanilla_swig/Web/src/mapadmin/resizablepagecomponents.php
===================================================================
--- sandbox/jng/vanilla_swig/Web/src/mapadmin/resizablepagecomponents.php 2022-08-23 23:18:12 UTC (rev 9961)
+++ sandbox/jng/vanilla_swig/Web/src/mapadmin/resizablepagecomponents.php 2022-08-23 23:53:18 UTC (rev 9962)
@@ -976,10 +976,10 @@
global $_POST;
if ( array_key_exists( $selectedLogID, $_GET ) )
- $selectedLog = $_GET[ $selectedLogID ];
+ $selectedLog = htmlspecialchars($_GET[ $selectedLogID ]);
else
if ( array_key_exists( $selectedLogID, $_POST ) )
- $selectedLog = $_POST[ $selectedLogID ];
+ $selectedLog = htmlspecialchars($_POST[ $selectedLogID ]);
}
function DisplayEnabledBar( $label, $name, $checked, $enabled, $enableFields )