fusiondirectory / Securimage / Commits
Commit 39d9ad21 (Unverified), authored 3 years ago by Drew Phillips, committed by GitHub 3 years ago
Merge pull request #107 from bleplat/xssfix
Use htmlspecialchars to fix XSS in some example scripts
parents 5fc5953c 77e704f7 (branch: master)
Changes: 2 changed files with 6 additions and 4 deletions
examples/static_captcha.php +4 −2
examples/test.mysql.static.php +2 −2
examples/static_captcha.php (+4 −2) @ 39d9ad21
...
...
@@ -58,6 +58,8 @@ if (isset($_GET['validate'])) {
// generate a new captcha ID and challenge
$captchaId
=
Securimage
::
getCaptchaId
();
$currentScript
=
htmlspecialchars
(
$_SERVER
[
'PHP_SELF'
],
ENT_QUOTES
);
// output the captcha ID, and a form to validate it
// the form submits to itself and is validated above
echo
<<<EOD
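Review bot: the new `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)` call at the top of this hunk leaves the charset argument at its default, which is UTF-8 only from PHP 5.4 on (ISO-8859-1 before that); passing it explicitly, e.g. `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')`, keeps the escaping independent of the interpreter's defaults. Hoisting the escaped value into `$currentScript` once and reusing it in the heredoc below is the right shape: ENT_QUOTES makes the same string safe inside both double- and single-quoted attributes. Note that `PHP_SELF` includes any path-info suffix the client appends to the URL, which is exactly why it needs escaping; `$_SERVER['SCRIPT_NAME']` does not carry that suffix and is an alternative if the examples can rely on it.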
...
...
@@ -82,9 +84,9 @@ echo <<<EOD
<p> </p>
<div>
Captcha ID: $captchaId<br /><br />
<img src="
{$_SERVER['PHP_SELF']}
?display&id=$captchaId" alt="Captcha Image" /><br />
<img src="
$currentScript
?display&id=$captchaId" alt="Captcha Image" /><br />
<form method="get" action="
{$_SERVER['PHP_SELF']}
">
<form method="get" action="
$currentScript
">
<input type="hidden" name="validate" value="1" />
<input type="hidden" name="id" value="$captchaId" />
Enter Code:
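Review bot: `$captchaId` is still interpolated unescaped in this hunk (`?display&id=$captchaId` in the image URL and `value="$captchaId"` in the hidden input) while `$currentScript` is now escaped. That is acceptable only because `$captchaId` comes from `Securimage::getCaptchaId()` in the hunk above rather than from the request; a one-line comment saying so, or escaping it the same way for consistency, would stop a later editor from assuming raw interpolation into this heredoc is safe in general. Minor: `&` inside the `src` attribute value should strictly be `&amp;` in HTML, though browsers accept the bare form here.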
...
...
examples/test.mysql.static.php (+2 −2) @ 39d9ad21
...
...
@@ -110,11 +110,11 @@ $captchaId = Securimage::getCaptchaId(true, $options);
<
p
>&
nbsp
;
</
p
>
<
div
>
Captcha
ID
:
<
span
id
=
"span_captchaId"
><?
php
echo
$captchaId
?>
</span><br
/><br
/>
<img
id=
"siimage"
src=
"
<?php
echo
$_SERVER
[
'PHP_SELF'
]
?>
?display=1&id=
<?php
echo
$captchaId
?>
"
alt=
"Captcha Image"
/>
<img
id=
"siimage"
src=
"
<?php
echo
htmlspecialchars
(
$_SERVER
[
'PHP_SELF'
]
,
ENT_QUOTES
)
?>
?display=1&id=
<?php
echo
$captchaId
?>
"
alt=
"Captcha Image"
/>
[
<a
href=
"#"
onclick=
"refreshCaptcha(); return false"
>
Refresh Image
</a>
]
<br
/>
<form
method=
"get"
action=
"
<?php
echo
$_SERVER
[
'PHP_SELF'
]
?>
"
>
<form
method=
"get"
action=
"
<?php
echo
htmlspecialchars
(
$_SERVER
[
'PHP_SELF'
]
,
ENT_QUOTES
)
?>
"
>
<input
type=
"hidden"
name=
"validate"
value=
"1"
/>
<input
id=
"captchaId"
type=
"hidden"
name=
"id"
value=
"
<?php
echo
$captchaId
?>
"
/>
Enter Code:
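Review bot: the replaced `<img src=` and `<form action=` lines in this hunk each repeat `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)` inline, whereas `examples/static_captcha.php` in the same commit escapes once into `$currentScript` and reuses it; doing the same here (one escaped variable next to `$captchaId = Securimage::getCaptchaId(true, $options)` from the hunk header) removes the risk of a third occurrence being pasted later without the call, and is the place to add the explicit `'UTF-8'` charset argument. The three `<?php echo $captchaId ?>` outputs (span text, image URL, hidden `value`) remain unescaped; they are server-generated by `getCaptchaId()`, so that is fine, but a comment stating it would help. The `Refresh Image` link calls `refreshCaptcha()`, which is not part of this diff: if that JavaScript rebuilds the image URL from the same `PHP_SELF` value, it needs matching treatment, since this change only covers the initial server-rendered markup.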
...
...