Looks like the testfest server doesn't have input filtering turned on…

… by default
commit 2994497ebdab18af7ce468c23ff1b24328d956ef 1 parent 81fb22f
@rlerdorf rlerdorf authored
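--- a/scripts/testfestsource/src/get.php
+++ b/scripts/testfestsource/src/get.php
@@ -1,17 +1,17 @@
 <?php
 switch($_GET['test']) {
 case 'post':
- var_dump($_POST);
- break;
+ var_dump(filter_var_array($_POST, FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ break;
 case 'getpost':
- var_dump($_GET);
- var_dump($_POST);
+ var_dump(filter_var_array($_GET, FILTER_SANITIZE_FULL_SPECIAL_CHARS));
+ var_dump(filter_var_array($_POST, FILTER_SANITIZE_FULL_SPECIAL_CHARS));
 break;
 case 'referer':
- echo $_SERVER['HTTP_REFERER'];
+ echo htmlspecialchars($_SERVER['HTTP_REFERER'], ENT_QUOTES, 'UTF-8');
 break;
 case 'useragent':
- echo $_SERVER['HTTP_USER_AGENT'];
+ echo htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8');
 break;
 default:
 echo "Hello World!\n";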
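Review bot: The array keys of `$_POST` and `$_GET` still reach the page unescaped in the `post` and `getpost` cases, because `filter_var_array()` filters only the values while `var_dump()` prints the keys too, and parameter names are as request-controlled as their values. Nested values (`a[]=x`) also appear to come back as `false` rather than sanitised, since no `FILTER_REQUIRE_ARRAY`/`FILTER_FORCE_ARRAY` flag is passed. Escaping the finished dump covers both: `ob_start(); var_dump($_POST); echo htmlspecialchars(ob_get_clean(), ENT_QUOTES, 'UTF-8');`. Whether the tests that read this output tolerate the changed formatting needs checking, and the switch continues past the end of the hunk.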
4 scripts/testfestsource/src/viewfilecontents.php
@@ -28,11 +28,11 @@
$file = $_GET['file'];
$basename = $_SESSION['basename'];
-echo "<br><b>File:".$file."</b><br><br>";
+echo "<br><b>File:".htmlspecialchars($file, ENT_QUOTES, 'UTF-8')."</b><br><br>";
$file = realpath($file);
if (strpos($file, '/p2/var/www/results.testfest.php.net/public_html/publishresults/') !== 0) {
- echo "Test file $file outside expected path<br />";
+ echo "Test file ".htmlspecialchars($file, ENT_QUOTES, 'UTF-8')." outside expected path<br />";
} else {
highlight_file($file);
}
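Review bot: The rewritten "outside expected path" message still returns the `realpath()` result to the requester, so the response shows the canonical server path of any existing file the request names and, because `realpath()` yields `false` for a missing one, whether it exists at all. Escaping makes the value safe to render but does not stop that disclosure; a fixed message such as `echo "Test file outside expected path<br />";` would, with the resolved path written to the server log if it is needed for debugging. `$_GET['file']` is also used without an `isset()`/`is_string()` check, so an absent or array-valued parameter reaches `htmlspecialchars()` and `realpath()` and raises PHP errors. The script begins before line 28 and may continue after the hunk, so any earlier validation is not visible here.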