Commit 382c195a authored by Jean-Philippe Levy's avatar Jean-Philippe Levy

Fix admin_conf XSS vulnerability

parent 1e96faa2
......@@ -80,15 +80,22 @@ include_once("./request.php");
mysqli_close($connect);
}
}
// Get object
if(isset($_POST["object"])){
$post_object = htmlspecialchars($_POST["object"]);
}
?>
<form action="index.php" method="post" class="form-inline">
<div class="form-group">
<select class="form-control" id="object" name="object">
<?php
$selected="";
foreach($request as $object => $request){
if(isset($_POST["object"])){
if($object==$_POST["object"])
if(isset($post_object)){
if($object==$post_object)
$selected="selected";
else
$selected="";
......@@ -102,10 +109,12 @@ include_once("./request.php");
</form>
<?php
if(isset($_POST["object"])){
if(isset($post_object)){
include("./request.php");
echo "<p class='alert alert-info'><i class='fa fa-info-circle'></i> File : <a href=\"./download.php?file=".$_POST["object"].".csv\">".$_POST["object"]."</a></p>";
createFile( $_POST["object"],$request[$_POST["object"]] );
if(isset($request[$post_object])) {
echo "<p class='alert alert-info'><i class='fa fa-info-circle'></i> File : <a href=\"./download.php?file=".$post_object.".csv\">".$post_object."</a></p>";
createFile( $post_object, $request[$post_object] );
}
}
?>
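Review bot: The `isset($request[$post_object])` guard is what actually neutralises this input — it restricts `$post_object` to an existing key of `$request` before it reaches the href, the link text and `createFile()` — but the value is still concatenated into a URL query string with only HTML escaping applied, so the href should encode for the URL context too: `href=\"./download.php?file=" . rawurlencode($post_object) . ".csv\"`. This check also only covers this page: download.php receives `file=` as its own request parameter and is not part of this commit, so unless it validates the name against the same `$request` allowlist itself, a direct request to it bypasses this fix (not verifiable from here). Escaping at input in the first hunk (`htmlspecialchars($_POST["object"])`) rather than at output means a `$request` key containing `&`, `<`, `>` or `"` can never be selected, and relies on the PHP-version-dependent default flags; keeping the raw `(string) $_POST["object"]` for the lookup and calling `htmlspecialchars($post_object, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` only in the echo would be the cleaner shape. The enclosing file continues outside both hunks.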
......