Hotfix: XSS-Vulnerability $_SERVER['PHP_SELF']
01-Scripts committed Sep 15, 2021
1 parent 8d362f3 commit a16eb7d
Showing 12 changed files with 13 additions and 13 deletions.
2 changes: 1 addition & 1 deletion 01acp/_dev.php
Expand Up @@ -10,7 +10,7 @@

$menuecat = "01acp_start";
$sitetitle = "Dev-Übersicht";
$filename = $_SERVER['PHP_SELF'];
$filename = $_SERVER['SCRIPT_NAME'];

// Config-Dateien
include("system/main.php");
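Review bot: Nothing at this assignment records why `SCRIPT_NAME` is used, so a later cleanup could switch it back to `PHP_SELF`; a one-line comment above `$filename = $_SERVER['SCRIPT_NAME'];` such as `// SCRIPT_NAME, not PHP_SELF: PHP_SELF includes PATH_INFO, which the requester controls (XSS when echoed)` would prevent that. The identical line recurs in acp.php, filemanager.php, index.php, module.php, rights.php, settings.php, update.php, users.php and system/uploader.php, so the same comment (or a single shared assignment) applies there too. The place where `$filename` is written into HTML is outside this hunk; if it is echoed into an attribute such as a form action, wrapping it in `htmlspecialchars($filename, ENT_QUOTES, 'UTF-8')` there would close the sink itself rather than only this one source.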
2 changes: 1 addition & 1 deletion 01acp/_loader.php
Expand Up @@ -15,7 +15,7 @@

$menuecat = $modul;
$sitetitle = $module[$modul]['instname'];
$filename = $_SERVER['PHP_SELF']."?modul=".$modul."&loadpage=".$_REQUEST['loadpage'];
$filename = $_SERVER['SCRIPT_NAME']."?modul=".$modul."&loadpage=".$_REQUEST['loadpage'];

include("system/head.php");

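Review bot: `$_REQUEST['loadpage']` is still concatenated into `$filename` unencoded on the changed line, so part of the value remains requester-controlled even though the path part is now fixed. If `$filename` reaches HTML unescaped (the output site is not in this hunk, but the commit's premise suggests it does), this is the same reflected-XSS pattern the hotfix targets. Encoding the parameter, `"&loadpage=".rawurlencode($_REQUEST['loadpage'])`, and escaping `$filename` with `htmlspecialchars()` at output would cover it. `$modul` is interpolated the same way here and in 01acp/comments.php; it is used as a key into `$module` on the line above, but where it is validated is not visible, so that should be confirmed.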
2 changes: 1 addition & 1 deletion 01acp/acp.php
Expand Up @@ -12,7 +12,7 @@
$menuecat = "01acp_start";
$sitetitle = "Startseite";
$mootools_use = array("moo_core","moo_more","moo_slideh","moo_request");
$filename = $_SERVER['PHP_SELF'];
$filename = $_SERVER['SCRIPT_NAME'];


// Config-Dateien
4 changes: 2 additions & 2 deletions 01acp/comments.php
Expand Up @@ -17,7 +17,7 @@
include("system/main.php");
include("system/head.php");

$filename = $_SERVER['PHP_SELF']."?modul=".$modul."";
$filename = $_SERVER['SCRIPT_NAME']."?modul=".$modul."";

// Sicherheitsabfrage: Login
if(isset($userdata['id']) && $userdata['id'] > 0 && $userdata['editcomments'] == 1){
Expand Down Expand Up @@ -141,7 +141,7 @@
}
else{
echo "<div class=\"meldung_hinweis\"><p><b>Bitte w&auml;hlen Sie ein Modul</b></p>".
create_ModulForm($_SERVER['PHP_SELF']."?","input",TRUE)."</div>";
create_ModulForm($_SERVER['SCRIPT_NAME']."?","input",TRUE)."</div>";
}


2 changes: 1 addition & 1 deletion 01acp/filemanager.php
Expand Up @@ -11,7 +11,7 @@

$menuecat = "01acp_filemanager";
$sitetitle = "Datei- &amp; Bildverwaltung";
$filename = $_SERVER['PHP_SELF'];
$filename = $_SERVER['SCRIPT_NAME'];
$mootools_use = array("moo_core","moo_more","moo_remooz","moo_request","moo_dragdrop");


2 changes: 1 addition & 1 deletion 01acp/index.php
Expand Up @@ -12,7 +12,7 @@
$dontshow = true;
$menuecat = "login";
$sitetitle = "Anmelden";
$filename = $_SERVER['PHP_SELF'];
$filename = $_SERVER['SCRIPT_NAME'];
$message = "";
$menge = 0;
$error = 1;
2 changes: 1 addition & 1 deletion 01acp/module.php
Expand Up @@ -11,7 +11,7 @@

$menuecat = "01acp_module";
$sitetitle = "Module verwalten";
$filename = $_SERVER['PHP_SELF'];
$filename = $_SERVER['SCRIPT_NAME'];
$flag_stopupdate = FALSE;

// Config-Dateien
2 changes: 1 addition & 1 deletion 01acp/rights.php
Expand Up @@ -11,7 +11,7 @@

$menuecat = "01acp_users";
$sitetitle = "Benutzerverwaltung : Rechteverwaltung";
$filename = $_SERVER['PHP_SELF'];
$filename = $_SERVER['SCRIPT_NAME'];

// Config-Dateien
include("system/main.php");
2 changes: 1 addition & 1 deletion 01acp/settings.php
Expand Up @@ -11,7 +11,7 @@

$menuecat = "01acp_settings";
$sitetitle = "Einstellungen";
$filename = $_SERVER['PHP_SELF'];
$filename = $_SERVER['SCRIPT_NAME'];

// Config-Dateien
include("system/main.php");
2 changes: 1 addition & 1 deletion 01acp/system/uploader.php
Expand Up @@ -9,7 +9,7 @@
#fv.130#
*/

if(!isset($filename)) $filename = $_SERVER['PHP_SELF'];
if(!isset($filename)) $filename = $_SERVER['SCRIPT_NAME'];
if(!isset($_REQUEST['formname'])) $_REQUEST['formname'] = "";
if(!isset($_REQUEST['type'])) $_REQUEST['type'] = "";
if(!isset($_REQUEST['returnvalue'])) $_REQUEST['returnvalue'] = "";
2 changes: 1 addition & 1 deletion 01acp/update.php
Expand Up @@ -11,7 +11,7 @@

$menuecat = "01acp_start";
$sitetitle = "01ACP aktualisieren";
$filename = $_SERVER['PHP_SELF'];
$filename = $_SERVER['SCRIPT_NAME'];
$flag_acp = TRUE;
$flag_nofunctions = TRUE;
$flag_loginerror = FALSE;
2 changes: 1 addition & 1 deletion 01acp/users.php
Expand Up @@ -11,7 +11,7 @@

$menuecat = "01acp_users";
$sitetitle = "Benutzerverwaltung";
$filename = $_SERVER['PHP_SELF'];
$filename = $_SERVER['SCRIPT_NAME'];
$mootools_use = array("moo_core","moo_more","moo_slidev");

// Config-Dateien