Merge pull request #902 from sdennler/fix/open-bug-bounty-issues-2
Fix XSS reported via Open Bug Bounty (Slack message 01)
teiling88 committed Dec 12, 2022
2 parents 9532e2f + c3ca846 commit 4bdd6a0
Showing 4 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion htdocs/editcache.php
Expand Up @@ -123,7 +123,7 @@ function getWaypoints($cacheId)
$cache_record = sql_fetch_array($cache_rs);
sql_free_result($cache_rs);

if ($cache_record !== false) {
if (is_array($cache_record)) {
if ($cache_record['user_id'] == $usr['userid'] || $login->listingAdmin()) {
$tplname = 'editcache';
tpl_acceptsAndPurifiesHtmlInput();
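Review bot: The ownership check on the line after the new `is_array()` guard still compares `$cache_record['user_id']` with `$usr['userid']` using loose `==`; for an authorization decision, a null or empty-string value on either side (anonymous session, missing column) makes PHP's loose-comparison rules harder to reason about than they should be. If both values are integer ids, as the names suggest, `if ((int) $cache_record['user_id'] === (int) $usr['userid'] || $login->listingAdmin()) {` pins the intent — confirm against how `$usr` is populated, which is outside the hunk. The enclosing function body, including whatever branch handles a missing record, continues below the hunk.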
2 changes: 1 addition & 1 deletion htdocs/lang/de/ocstyle/varset.inc.php
Expand Up @@ -49,7 +49,7 @@

foreach($_REQUEST as $varname => $varvalue) {
if (in_array($varname, $allowed)) {
$target .= $varname . '=' . $varvalue . '&';
$target .= $varname . '=' . htmlspecialchars($varvalue) . '&';
}
}
if (mb_substr($target, - 1) == '?' || mb_substr($target, - 1) == '&') {
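Review bot: `htmlspecialchars()` on the new line is the wrong encoder for this position: the value is being appended into a query string (`name=value&`), so the encoding that stops `&`, `=` and whitespace from changing the URL's meaning is `rawurlencode()`, while HTML escaping belongs where `$target` is finally written into the page (outside this hunk). `$_REQUEST` values can also be arrays (`?name[]=x`), and `htmlspecialchars()` then throws a `TypeError` on PHP 8, so the loop should only accept strings; the `in_array()` whitelist check additionally lacks `strict: true`. Suggested: `if (in_array($varname, $allowed, true) && is_string($varvalue)) {` followed by `$target .= $varname . '=' . rawurlencode($varvalue) . '&';`. Since `rawurlencode()` percent-encodes `<`, `>`, `"` and `'`, this also covers the reported injection if `$target` turns out to be emitted without further escaping — verify at the output site.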
2 changes: 1 addition & 1 deletion htdocs/lib/clicompatbase.inc.php
Expand Up @@ -506,7 +506,7 @@ function sql_warn($warnmessage): void
/**
* @deprecated use DBAL Conenction instead. See adminreports.php for an example implementation
* @param resource $rs
* @return array
* @return array|false|null
*/
function sql_fetch_array($rs)
{
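Review bot: The docblock typo `Conenction` on the `@deprecated` line survives on the new side and should read `Connection`, here and in the sibling hunk in htdocs/lib2/db.inc.php. More importantly, widening the annotation to `@return array|false|null` means any existing caller that checks `!== false` (the pattern this commit fixes in htdocs/editcache.php) may treat a `null` result as a row; a grep for other `sql_fetch_array(` call sites is worthwhile, though which code paths actually yield `null` is not visible from the hunk. The body of `sql_fetch_array` continues below the hunk.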
2 changes: 1 addition & 1 deletion htdocs/lib2/db.inc.php
Expand Up @@ -567,7 +567,7 @@ function sql_value_internal($bQuerySlave, $sql, $default)
/**
* @deprecated use DBAL Conenction instead. See adminreports.php for an example implementation
* @param $rs
* @return array
* @return array|false|null
*/
function sql_fetch_array($rs)
{
