fixed security vulnerability in redirect (missing validation)
removed unused files
calesanz committed Mar 19, 2015
1 parent 36298e9 commit 88a517d
Showing 15 changed files with 29 additions and 3,650 deletions.
2 changes: 1 addition & 1 deletion DA/DAGuestBookEntry.php
Expand Up @@ -17,7 +17,7 @@ function find($id) {
return $entry;
}
function findAll() {
$sql = 'SELECT * FROM GuestBookEntry';
$sql = 'SELECT * FROM GuestBookEntry ORDER BY CreatedAt DESC';
$stmt = self::getConnection ()->prepare ( $sql );
$stmt->execute ();

3 changes: 1 addition & 2 deletions controller/gaestebuchController.php
Expand Up @@ -43,8 +43,7 @@ public function bearbeiten($param, $data, $session) {
$errors .= \BO\BOGuestBook::save ( $guestbook );
if ($errirs == "") {
// Redirect back
header ( "Location: $backurl" );
header ( "HTTP/1.1 302 Found" );
\Redirector::redirect($backurl);
return;
}
}
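Review bot: The guard `if ($errirs == "") {` on the new side tests a variable that is never assigned instead of `$errors`, so the comparison is always true (null == "") and the redirect runs even when \BO\BOGuestBook::save appended an error; it should read `if ($errors === '') {`. bearbeiten begins above the hunk, so where `$backurl` originates is not visible here; since the commit title says the missing validation now lives in \Redirector::redirect, it is worth confirming that the helper restricts `$backurl` to a relative or same-origin target before emitting the Location header. The same \Redirector::redirect($backurl) call in the login hunk of controller/userController.php shares that question.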
4 changes: 1 addition & 3 deletions controller/userController.php
Expand Up @@ -42,9 +42,7 @@ public function login($param, $data, $session) {
$_SESSION ['userId'] = $user->Id;
$_SESSION ['FullName'] = $user->FullName;
// Logged In

header ( "Location: $backurl" );
header ( "HTTP/1.1 302 Found" );
\Redirector::redirect($backurl);
return;
} else
$errorMessage = "Incorrect credentials!";
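Review bot: The success branch writes the authenticated identity into `$_SESSION ['userId']` without rotating the session ID first, so a session established before authentication keeps the same ID after it, the classic session-fixation gap; add `session_regenerate_id(true);` immediately before the two `$_SESSION` assignments. The `} else` followed by an unbraced `$errorMessage = "Incorrect credentials!";` on the last two lines is fragile to later edits and should be braced like the if-branch. login begins above the hunk and continues below it, so the credential check that precedes this branch is not visible.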

