
Révision c1a50dd7

Ajouté par Renato Botelho il y a plus de 9 ans

Remove debugging code that can lead us to XSS injection, also pass variables through htmlspecialchars() to sanitize

Voir les différences:

usr/local/www/installer/installer.php
495 495
	}
496 496
	if(!$bootmanager) 
497 497
		$bootmanager = $_REQUEST['bootmanager'];
498
	echo "\n<!--" . print_r($_REQUEST, true) . " -->\n";
498
	// echo "\n<!--" . print_r($_REQUEST, true) . " -->\n";
499 499
	$disk = pcsysinstall_get_disk_info(htmlspecialchars($_REQUEST['disk']));
500 500
	$disksize = format_bytes($disk['size'] * 1048576);
501 501
	// Loop through posted items and create an array
......
533 533
		$tmparray['encpass'] = $_REQUEST['encpass' . $x];
534 534
		$disks[] = $tmparray;
535 535
	}
536
	echo "\n<!-- " . print_r($disks, true) . " --> \n";
536
	// echo "\n<!-- " . print_r($disks, true) . " --> \n";
537 537
	$bootmanagerupper = strtoupper($bootmanager);
538 538
	echo <<<EOFAMBAC
539 539
	<form method="post" action="installer.php">
......
593 593
													foreach($disks as $disk) {
594 594
														$desc = pcsysinstall_get_disk_info($disk['disk']);
595 595
														echo "<tr>";
596
														echo "<td>&nbsp;&nbsp;&nbsp;{$disk['mountpoint']}</td>";
597
														echo "<td>{$disk['fstype']}</td>";
598
														echo "<td>{$disk['disk']} {$desc['desc']}</td>";
599
														echo "<td>{$disk['size']}</td>";
600
														echo "<td>{$disk['encpass']}</td>";
596
														echo "<td>&nbsp;&nbsp;&nbsp;" . htmlspecialchars($disk['mountpoint']) . "</td>";
597
														echo "<td>" . htmlspecialchars($disk['fstype']) . "</td>";
598
														echo "<td>" . htmlspecialchars($disk['disk']) . " " . htmlspecialchars($desc['desc']) . "</td>";
599
														echo "<td>" . htmlspecialchars($disk['size']) . "</td>";
600
														echo "<td>" . htmlspecialchars($disk['encpass']) . "</td>";
601 601
														echo "</tr>";
602 602
													}
603 603

  
......
968 968
		$first_disk_size = $size - $swap_size;
969 969

  
970 970
		// Debugging
971
		echo "\n\n<!-- $first_disk - " . print_r($disk_info, true) . " - $size  - $first_disk_size -->\n\n";
971
		// echo "\n\n<!-- $first_disk - " . print_r($disk_info, true) . " - $size  - $first_disk_size -->\n\n";
972 972

  
973 973
		// Check to see if a on disk layout exists
974 974
		if(file_exists("/tmp/webInstaller_disk_layout.txt")) {
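Review bot: The debug dumps at 498, 536 and 971 are commented out rather than deleted, so `print_r($_REQUEST, true)` — which would emit every posted field, including the `encpass` passphrases collected at 533, into an HTML comment — remains one character away from being re-enabled; remove the three lines instead (which side of each pair is new is inferred from the commit message, since the gutter shows the same number for both). The `htmlspecialchars()` calls added in the `<td>` loop at 596–600 are the right encoder for that output context, but the loop still renders the disk encryption passphrase on line 600; if it is not needed on the review page, print a fixed placeholder, e.g. `echo "<td>" . ($disk['encpass'] !== '' ? '********' : '') . "</td>";`. On the unchanged line 499, `htmlspecialchars($_REQUEST['disk'])` is applied before the value is handed to `pcsysinstall_get_disk_info()`, where it is presumably used as a device lookup key rather than output; HTML encoding does not validate it, so that call should check the request value against the disks the installer already enumerates and reject anything else. The enclosing function and the heredoc form both start and end outside the visible hunks.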
