From b8fb6551e9b970ad37134af0562ffabe24a7672d Mon Sep 17 00:00:00 2001
From: MyKings
Date: Wed, 25 Nov 2015 19:07:32 -0800
Subject: [PATCH] fix CVE-2015-7348
---
 demo/cn/asyncData/getNodes.php | 6 ++----
 demo/cn/asyncData/getNodesForBigData.php | 5 ++---
 demo/en/asyncData/getNodes.php | 6 ++----
 demo/en/asyncData/getNodesForBigData.php | 5 ++---
 4 files changed, 8 insertions(+), 14 deletions(-)
diff --git a/demo/cn/asyncData/getNodes.php b/demo/cn/asyncData/getNodes.php
index 55c3918..6d22b5e 100644
--- a/demo/cn/asyncData/getNodes.php
+++ b/demo/cn/asyncData/getNodes.php
@@ -21,11 +21,9 @@
 if ($pName==null) $pName = "";
 else $pName = $pName.".";
-$pId = str_replace("%<%", "<", $pId);
-$pId = str_replace("%>%", ">", $pId);
+$pId = htmlspecialchars($pId);
-$pName = str_replace("%<%", "<", $pName);
-$pName = str_replace("%>%", ">", $pName);
+$pName = htmlspecialchars($pName);
 //for ($i=1; $i<9999; $i++) {
 // for ($j=1; $j<999; $j++) {
diff --git a/demo/cn/asyncData/getNodesForBigData.php b/demo/cn/asyncData/getNodesForBigData.php
index f91098f..588c14c 100644
--- a/demo/cn/asyncData/getNodesForBigData.php
+++ b/demo/cn/asyncData/getNodesForBigData.php
@@ -11,8 +11,7 @@
 if ($pId==null || $pId=="") $pId = "0";
 if ($pCount==null || $pCount=="") $pCount = "10";
-$pId = str_replace("%<%", "<", $pId);
-$pId = str_replace("%>%", ">", $pId);
+$pId = htmlspecialchars($pId);
 $max = (int)$pCount;
 for ($i=1; $i<=$max; $i++) {
@@ -24,4 +23,4 @@
 }
 }
-?>]
\ No newline at end of file
+?>]
diff --git a/demo/en/asyncData/getNodes.php b/demo/en/asyncData/getNodes.php
index 55c3918..6d22b5e 100644
--- a/demo/en/asyncData/getNodes.php
+++ b/demo/en/asyncData/getNodes.php
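Review bot: The replacement `$pId = htmlspecialchars($pId);` in the getNodes.php hunk relies on the default flags, so single quotes are left unencoded (the pre-8.1 default is ENT_COMPAT) and the charset falls back to whatever the ini/default setting is, which leaves the reflected-XSS fix for the CVE named in the subject incomplete wherever the value lands inside a single-quoted attribute or string. Pass the flags and charset explicitly, `$pId = htmlspecialchars($pId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and do the same for `$pName` two lines below. Without ENT_SUBSTITUTE an invalid-UTF-8 input makes htmlspecialchars return an empty string, so a malformed id is silently turned into "" instead of being rejected or preserved. The same one-line change applies to the cn/getNodesForBigData hunk and to both en/ hunks, which are byte-identical copies of the cn/ files. The script bodies that consume $pId and $pName continue outside the hunks, so where the values are finally emitted (and whether HTML encoding is the right layer for that output) cannot be verified from here.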
@@ -21,11 +21,9 @@
 if ($pName==null) $pName = "";
 else $pName = $pName.".";
-$pId = str_replace("%<%", "<", $pId);
-$pId = str_replace("%>%", ">", $pId);
+$pId = htmlspecialchars($pId);
-$pName = str_replace("%<%", "<", $pName);
-$pName = str_replace("%>%", ">", $pName);
+$pName = htmlspecialchars($pName);
 //for ($i=1; $i<9999; $i++) {
 // for ($j=1; $j<999; $j++) {
diff --git a/demo/en/asyncData/getNodesForBigData.php b/demo/en/asyncData/getNodesForBigData.php
index f91098f..588c14c 100644
--- a/demo/en/asyncData/getNodesForBigData.php
+++ b/demo/en/asyncData/getNodesForBigData.php
@@ -11,8 +11,7 @@
 if ($pId==null || $pId=="") $pId = "0";
 if ($pCount==null || $pCount=="") $pCount = "10";
-$pId = str_replace("%<%", "<", $pId);
-$pId = str_replace("%>%", ">", $pId);
+$pId = htmlspecialchars($pId);
 $max = (int)$pCount;
 for ($i=1; $i<=$max; $i++) {
@@ -24,4 +23,4 @@
 }
 }
-?>]
\ No newline at end of file
+?>]