Fix xss reported by Noccolo Picca relating to not sanitizing connkey
Isaac Connor committed Sep 16, 2020
1 parent 1472380 commit 9268db1
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions web/skins/classic/views/download.php
@@ -62,7 +62,7 @@
}

$focusWindow = true;
$connkey = isset($_REQUEST['connkey']) ? $_REQUEST['connkey'] : generateConnKey();
$connkey = isset($_REQUEST['connkey']) ? validInt($_REQUEST['connkey']) : generateConnKey();

xhtmlHeaders(__FILE__, translate('Download'));
?>
@@ -75,7 +75,7 @@
<h2><?php echo translate('Download') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="connkey" value="<?php echo $connkey; ?>"/>
<?php
if ( !empty($_REQUEST['eid']) ) {
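Review bot: The hidden `connkey` input still echoes `$connkey` with no output encoding, so the attribute stays safe only while `validInt()` (defined outside this page) returns nothing but digits. Encoding at the sink removes that dependency: `value="<?php echo htmlspecialchars($connkey, ENT_QUOTES); ?>"`. The `$_REQUEST['eid']` branch that opens on the last visible line continues outside the hunk, so any place it prints that parameter should be checked the same way.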
2 changes: 1 addition & 1 deletion web/skins/classic/views/export.php
@@ -55,7 +55,7 @@
}

$focusWindow = true;
$connkey = isset($_REQUEST['connkey']) ? $_REQUEST['connkey'] : generateConnKey();
$connkey = isset($_REQUEST['connkey']) ? validInt($_REQUEST['connkey']) : generateConnKey();

xhtmlHeaders(__FILE__, translate('Export'));
?>
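Review bot: A `connkey` parameter that is present but contains no digits no longer falls back to `generateConnKey()`, because the `isset()` test runs before validation; presumably `validInt()` then yields an empty value, though its body is not on this page. A guard after the assignment covers it, e.g. `if ( $connkey === '' ) $connkey = generateConnKey();` (adjust the comparison to whatever `validInt()` returns for rejected input). The same applies to the identical line in download.php. A short comment such as `// connkey comes from the request; keep it numeric` would also record why the validation is there.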
