encase $_SERVER['PHP_SELF'] with htmlentities() to prevent XSS attacks
Rivetcode committed Mar 3, 2012
1 parent 4446795 commit f053c5c
Showing 9 changed files with 19 additions and 19 deletions.
2 changes: 1 addition & 1 deletion DumpTorrentCGI.php
Expand Up @@ -24,7 +24,7 @@
This script parses a torrent file and displays detailed information about it.
</td></tr>
</table><br>
<form enctype="multipart/form-data" method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
<form enctype="multipart/form-data" method="POST" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
Torrent file: <input type="file" name="torrent" size="40"><br>
<br>
OR
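Review bot: The escaped value at L17 is still a reflection of request-controlled input into the page; omitting the `action` attribute altogether makes the browser submit to the current document URL (HTML5 permits this, HTML 4.01 required `action`), which removes `PHP_SELF` from the output instead of encoding it. Where it must be echoed, `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')` names the quoting mode and charset explicitly rather than relying on `htmlentities()` defaults, which have changed across PHP releases (default charset became UTF-8 in 5.4; before 8.1 the default flags escape only double quotes). Every attribute in these hunks is double-quoted, so the default is sufficient here and this is a consistency point rather than a defect. The same pattern recurs in batch_upload.php, css.php, deleter.php, edit_database.php, editconfig.php, install.php, newtorrents.php and statistics.php. The form markup continues past the hunk.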
2 changes: 1 addition & 1 deletion batch_upload.php
Expand Up @@ -190,7 +190,7 @@
if (function_exists("zip_open"))
{
?>
<form enctype="multipart/form-data" action="<?php echo $_SERVER["PHP_SELF"];?>" method="post">
<form enctype="multipart/form-data" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
<b>Zip File:</b><input type="file" name="zipfile" size="50"/>
<input type="submit" value="Upload ZIP File"/>
</form>
10 changes: 5 additions & 5 deletions css.php
Expand Up @@ -136,7 +136,7 @@ function rgbhex($red, $green, $blue)
//display text box with css in it
?>
<h2>Editing File: <?php echo $filename;?></h2>
<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="post">
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
<input type="hidden" name="hidden_filename" value="<?php echo $filename;?>"/>
<input type="hidden" name="current_css_file" value="<?php echo $_POST['current_css_file'];?>"/>
<textarea name="file_contents" cols="120" rows="20"><?php
Expand Down Expand Up @@ -203,7 +203,7 @@ function rgbhex($red, $green, $blue)
echo "<b>Currently Used CSS File: " . $current_css_file . "</b><br><br>";
?>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
<b>Set CSS File:</b><select name="set_css">
<?php
for ($i = 0; $i < $number_files; $i++)
Expand All @@ -217,7 +217,7 @@ function rgbhex($red, $green, $blue)
</form>
<br><br>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
<b>Delete CSS File:</b><select name="delete_css">
<?php
for ($i = 0; $i < $number_files; $i++)
Expand All @@ -231,7 +231,7 @@ function rgbhex($red, $green, $blue)
</form>
<br><br>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
<input type="hidden" name="current_css_file" value="<?php echo $current_css_file;?>"/>
<b>Edit Existing CSS File:</b><select name="edit_css">
<?php
Expand All @@ -245,7 +245,7 @@ function rgbhex($red, $green, $blue)
</form>
<br><br>

<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post">
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="post">
<b>Create New CSS File (e.g. mycssfile.css):</b>
<input type="text" size="40" name="create_css"/>
<input type="submit" value="Create New CSS File"/>
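Review bot: `$_POST['current_css_file']` is echoed raw into the hidden input at L41, two lines below the `action` this hunk escapes, so the reflected-input class the commit addresses is left open in the same form; `value="<?php echo htmlspecialchars($_POST['current_css_file'], ENT_QUOTES, 'UTF-8');?>"` closes it. `$filename` (L37, L40) and `$current_css_file` (L67) are also output unescaped; they are assigned outside the hunks, so I cannot confirm their origin, but the hidden inputs suggest they round-trip through POST and would warrant the same treatment. The `function rgbhex` in the hunk headers is the nearest preceding definition; these lines themselves read as top-level template markup, and the forms continue past each hunk.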
2 changes: 1 addition & 1 deletion deleter.php
Expand Up @@ -36,7 +36,7 @@ function selectRow(checkBox)
</script>
</head>
<body>
<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="POST">
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="POST">
<?php
require_once("funcsv2.php");

4 changes: 2 additions & 2 deletions edit_database.php
Expand Up @@ -51,7 +51,7 @@

while ($data = mysql_fetch_row($rows))
{
echo "<tr><td><a href=\"" . $PHP_SELF . "?filename=" . rawurlencode($data[0]) . "\">" . $data[0] . "</a></td></tr>\n";
echo "<tr><td><a href=\"" . htmlentities($_SERVER['PHP_SELF']) . "?filename=" . rawurlencode($data[0]) . "\">" . $data[0] . "</a></td></tr>\n";
}
?>
</table>
Expand All @@ -65,7 +65,7 @@

$data = mysql_fetch_row($rows); //should be only one entry...
?>
<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="POST">
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="POST">
<input type="hidden" name="editdatabase" value="1">
<input type="hidden" name="<?php echo $data[0];?>" value="<?php echo $data[0];?>">
<input type="hidden" name="<?php echo $data[0] . "_old_filename";?>" value="<?php echo $data[1];?>">
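Review bot: The new L97 escapes the script path but still writes `$data[0]`, a value read from the database, into the link text unescaped, and the second hunk does the same at L108–L109 where `$data[0]` and `$data[1]` become attribute names and values. Stored values need the same output encoding as the reflected path: `. htmlspecialchars($data[0], ENT_QUOTES, 'UTF-8') .` for the anchor text, and likewise inside the `name`/`value` attributes. Replacing the bare `$PHP_SELF` global with `$_SERVER['PHP_SELF']` also removes a dependency on register_globals, which is a useful side effect of this line. The `while` body and the form both continue outside the hunks.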
2 changes: 1 addition & 1 deletion editconfig.php
Expand Up @@ -24,7 +24,7 @@
{
?>
<h1>Edit Config File</h1>
<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="POST">
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="POST">
<input type="hidden" name="saveconfig" value="1">
<h2>This page allows you to configure the "config.php" settings. This file stores all the necessary
settings for your tracker. Please do NOT edit the "config.php" file directly,
10 changes: 5 additions & 5 deletions install.php
Expand Up @@ -92,7 +92,7 @@

?>
<br>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
<form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>">
<input type="hidden" name="started" value="1">
<h2>The MySQL database needs to be prepared for the tracker. This script will help
you do that.</h2>
Expand All @@ -115,7 +115,7 @@
if (isset($_POST["preexisting"]))
{
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
<form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>">
<input type="hidden" name="maketables" value="1">
<input type="hidden" name="started" value="1">
<h1>RivetTracker Installation</h1>
Expand All @@ -142,7 +142,7 @@
if (isset($_POST["makeaccount"]))
{
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
<form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>">
<input type="hidden" name="domakeaccount" value="1">
<input type="hidden" name="started" value="1">
<h1>Tracker Installation</h1>
Expand Down Expand Up @@ -231,7 +231,7 @@
{
//have user set values for config.php
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
<form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>">
<input type="hidden" name="config" value="1">
<input type="hidden" name="started" value="1">
<?php
Expand Down Expand Up @@ -597,7 +597,7 @@
<h2>"config.php" was unable to be created on the server,
you will have to download the file and upload it manually.</h2>
<br>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"];?>">
<form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>">
<input type="hidden" name="download" value="1">
<input type="hidden" name="hiddentracker" value="<?php if (isset($_POST['hiddentracker']) AND $_POST['hiddentracker'] == 'on') echo 'true'; else echo 'false';?>">
<input type="hidden" name="scrape" value="<?php if (isset($_POST['scrape']) AND $_POST['scrape'] == 'on') echo 'true'; else echo 'false';?>">
2 changes: 1 addition & 1 deletion newtorrents.php
Expand Up @@ -234,7 +234,7 @@ function endOutput()
<div class="center">
<h1>Add Torrent to Tracker Database</h1>
<h3>Tracker URL: <?php echo $tracker_url;?></h3>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<form enctype="multipart/form-data" method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
<table>
<tr>
<td class="right">Torrent file:</td>
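Review bot: `$tracker_url` is echoed unescaped into the heading at L173, one line above the `action` this hunk escapes. Its assignment is outside the hunk, so I cannot tell whether it is a fixed constant or a configurable setting; if it is loaded from the editable configuration, `<?php echo htmlspecialchars($tracker_url, ENT_QUOTES, 'UTF-8');?>` should be applied for the same reason as the change on L175. The surrounding `div` and form continue past the hunk.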
4 changes: 2 additions & 2 deletions statistics.php
Expand Up @@ -23,7 +23,7 @@
<body>
<h1>Tracker User Statistics</h1>

<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="POST">
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']);?>" method="POST">
Filename Search:<input type="text" name="filename_search" size="40"<?php if (isset($_POST["filename_search"]))echo " value=\"" . $_POST["filename_search"] . "\"";?>>
<input type="submit" value="Search">
</form>
Expand All @@ -48,7 +48,7 @@
}
else //display everything
{
$scriptname = $_SERVER["PHP_SELF"] . "?";
$scriptname = htmlentities($_SERVER['PHP_SELF']) . "?";

if (!isset($_GET["activeonly"]))
echo "<a href=\"$scriptname" . "activeonly=yes\">Show only torrents with seeders/leechers</a>\n";
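Review bot: `$_POST["filename_search"]` is written straight into the `value` attribute at L187, directly below the `action` this hunk escapes, so a reflected input in the same form remains unencoded; `echo " value=\"" . htmlspecialchars($_POST["filename_search"], ENT_QUOTES, 'UTF-8') . "\"";` fixes it. In the second hunk, L195 encodes at assignment rather than at output, so `$scriptname` now holds an HTML-encoded string; that suits the `href` echoes that follow but would be wrong if the variable is reused in a non-HTML context (for example a `Location` header) later in the file, which is outside the hunk. The `else` block continues past the hunk.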
