
Patch for XSS vulnerability - Secunia Advisory SA50574

Updated the admin version of zen_get_all_get_params to include
the same sanitization method used in the frontend
1 parent a9dd255 commit 9fd850b5cc2415462853c0a08aec7c30b44ae107 Paolo De Dionigi committed Oct 10, 2012
Showing with 2 additions and 1 deletion.
  1. +2 −1 admin/includes/functions/general.php
@@ -122,7 +122,8 @@ function zen_get_all_get_params($exclude_array = '') {
reset($_GET);
while (list($key, $value) = each($_GET)) {
- if (($key != zen_session_name()) && ($key != 'error') && (!in_array($key, $exclude_array))) $get_url .= $key . '=' . $value . '&';
+ if (($key != zen_session_name()) && ($key != 'error') && (!in_array($key, $exclude_array)))
+ $get_url .= zen_sanitize_string($key) . '=' . rawurlencode(stripslashes($value)) . '&';
}
return $get_url;
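
Review bot: On the new `$get_url .=` line, `stripslashes($value)` assumes every `$_GET` value is a string. A parameter submitted as `name[]=x` arrives as an array, and `stripslashes()` does not accept one, so the call errors out and the value is not carried into the rebuilt query string; check `is_array($value)` first and either skip or encode each element. The key is passed through `zen_sanitize_string()` but not through `rawurlencode()`, unlike the value, so unless that helper is known to neutralize quotes and `&`, encode the key the same way. `stripslashes()` is also applied unconditionally, which removes legitimate backslashes when magic quotes are off. As a style point, the `if` now spans two lines without braces; wrapping the body in `{ }` would keep a later edit from detaching it from the condition.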
