Protection cross side scripting
 Modified Files:
 	glpi/glpi/common/functions.php
 	glpi/glpi/common/functions_auth.php
moyooo committed Jan 11, 2006
1 parent 5dcb655 commit 6f2375a
Showing 2 changed files with 15 additions and 1 deletion.
10 changes: 10 additions & 0 deletions glpi/common/functions.php
Expand Up @@ -101,6 +101,16 @@ function addslashes_deep($value) {
}


function clean_cross_side_scripting_deep($value) {
$in=array("<",">");
$out=array("&lt;","&gt;");
$value = is_array($value) ?
array_map('clean_cross_side_scripting_deep', $value) :
(is_null($value) ? NULL : str_replace($in,$out,$value));
return $value;
}


function utf8_decode_deep($value) {
$value = is_array($value) ?
array_map('utf8_decode_deep', $value) :
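Review bot: clean_cross_side_scripting_deep() encodes only `<` and `>`, so a request value that is later printed inside a quoted HTML attribute can still break out of it, because `"`, `'` and `&` pass through unchanged. Encoding all HTML metacharacters, e.g. `(is_null($value) ? NULL : htmlspecialchars($value, ENT_QUOTES));`, and ideally doing so where the value is written into the page rather than on input, would close that gap. Note also that array_map() cleans array values only, not the keys, which come from the request as well. The function has no comment; a header such as `// Recursively HTML-encode angle brackets in a request value or array of values; does not make the value safe for attribute or script contexts.` would tell callers what it does not cover.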
6 changes: 5 additions & 1 deletion glpi/common/functions_auth.php
Expand Up @@ -177,12 +177,15 @@ function checkAuthentication($authtype) {
}
if (isset($_POST)){
$_POST = array_map('addslashes_deep', $_POST);
$_POST = array_map('clean_cross_side_scripting_deep', $_POST);
}
if (isset($_GET)){
$_GET = array_map('addslashes_deep', $_GET);
$_GET = array_map('clean_cross_side_scripting_deep', $_GET);
}
if (isset($tab)){
$tab = array_map('addslashes_deep', $tab);
$tab = array_map('addslashes_deep', $tab);
$tab = array_map('clean_cross_side_scripting_deep', $tab);
}

// Checks a GLOBAL user and password against the database
Expand Down Expand Up @@ -288,6 +291,7 @@ function checkAuthentication($authtype) {
}
}


/**
* Include the good language dict.
*
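Review bot: The new filter in the first hunk is applied to `$_POST`, `$_GET` and `$tab` only, so any page that reads `$_COOKIE` or `$_REQUEST` would still receive unfiltered values. The hunk does not show whether such reads exist, so this needs checking against the callers. If they do, the same call belongs next to the existing ones, e.g. `$_COOKIE = array_map('clean_cross_side_scripting_deep', $_COOKIE);`. The cleaning runs inside checkAuthentication(), whose body starts and ends outside this hunk, so pages that use request data without calling it first presumably bypass the filter. Values are also stored already entity-encoded, which any non-HTML consumer of the data has to account for.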
