BUG: / SECURITY: Fixed a possible xss injection when handling non-existent action-names. fixes SROEADV-2015-01.
sidler committed Jan 5, 2015
1 parent 193bc70 commit 563d39c
Showing 2 changed files with 7 additions and 8 deletions.
7 changes: 3 additions & 4 deletions module_system/admin/class_admin_controller.php
Expand Up @@ -367,13 +367,12 @@ protected function getOutputLogin() {
*/
public function action($strAction = "") {

if($strAction == "") {
$strAction = $this->getAction();
}
else {
if($strAction != "") {
$this->setAction($strAction);
}

$strAction = $this->getAction();

//search for the matching method - build method name
$strMethodName = "action" . uniStrtoupper($strAction[0]) . uniSubstr($strAction, 1);

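Review bot: `$strAction[0]` in the `$strMethodName` line is evaluated even when `$this->getAction()` hands back an empty string, which PHP reports as an uninitialized string offset; because setAction() now trims its argument, a whitespace-only `action` parameter can presumably arrive here as `""` unless the constructor's `list` default is guaranteed to have run, so an explicit `if ($strAction === "") { ... }` guard before the offset access would close that path. The added `if($strAction != "")` uses a loose comparison; `!== ""` states the intent precisely. Since the value is used to compose a method name, a positive allowlist such as `preg_match('/^[A-Za-z0-9_]+$/', $strAction)` at this point would make the accepted shape explicit instead of relying on entity-encoding elsewhere to break the lookup. The body of action() continues below the hunk.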
8 changes: 4 additions & 4 deletions module_system/system/class_abstract_controller.php
Expand Up @@ -120,10 +120,10 @@ public function __construct($strSystemid = "") {


//And keep the action
$this->strAction = $this->getParam("action");
$this->setAction($this->getParam("action"));
//in most cases, the list is the default action if no other action was passed
if($this->strAction == "") {
$this->strAction = "list";
if($this->getAction() == "") {
$this->setAction("list");
}

//try to load the current module-name and the moduleId by reflection
Expand Down Expand Up @@ -197,7 +197,7 @@ public final function getAction() {
* @return void
*/
public final function setAction($strAction) {
$this->strAction = $strAction;
$this->strAction = htmlspecialchars(trim($strAction), ENT_QUOTES, "UTF-8", false);
}


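Review bot: setAction() now stores the HTML-escaped form of the action name, so `getAction()` returns entity sequences such as `&amp;` to every caller, including the method-name lookup in the admin controller, and any view layer that escapes on output will double-encode it (the `false` passed as the fourth argument only affects this one call). The narrower fix is to keep the raw trimmed value here and apply `htmlspecialchars` where the name is echoed, which appears to be the non-existent-action message the commit title refers to, or to reject anything outside an identifier allowlist at this boundary, e.g. `if (!preg_match('/^[A-Za-z0-9_]*$/', $strAction)) { $strAction = ""; }`. If `getParam("action")` in the constructor hunk above can return `null`, `trim(null)` is deprecated on PHP 8.1+, so a `(string)` cast or `?? ""` before `trim()` would be worth adding. The docblock above setAction() could state that the stored value is normalised, e.g. `* The action name is trimmed before storage; callers receive the normalised value from getAction().`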
