Permalink
Browse files

Fixed potential security issue if users doesn't properly remove the e…

…xamples directory from a live site.
  • Loading branch information...
1 parent 51ec597 commit e2eb226d107a8fba5d529871fcefdc153f08eec0 @spocke spocke committed Oct 1, 2011
Showing with 1 addition and 1 deletion.
  1. +1 −1 examples/dump.php
View
@@ -26,7 +26,7 @@
</tr>
<?php $count = 0; foreach ($_POST as $name => $value) { ?>
<tr class="<?php echo $count % 2 == 0 ? 'alt' : ''; ?>">
- <td><?php echo $name ?></td>
+ <td><?php echo htmlentities(stripslashes($name)) ?></td>
<td><?php echo nl2br(htmlentities(stripslashes($value))) ?></td>
</tr>
<?php } ?>

1 comment on commit e2eb226

@greggles

Here's the fix to an issue I alerted the Plupload folks about.
Yay improved security!
Lack of alerts from moxiecode to their customers regarding this issue...not so awesome... :/
Lack of credit to me for finding this (in the commit message, a tweet from moxiecode, etc.) not so awesome... :/

Please sign in to comment.