
Revision e4921058

Added by Renato Botelho almost 10 years ago

Protect rssfeed parameters with htmlspecialchars()

View differences:

usr/local/www/widgets/widgets/rss.widget.php
33 33
require_once("functions.inc");
34 34

  
35 35
if($_POST['rssfeed']) {
36
	$config['widgets']['rssfeed'] = str_replace("\n", ",", $_POST['rssfeed']);
37
	$config['widgets']['rssmaxitems'] = str_replace("\n", ",", $_POST['rssmaxitems']);
38
	$config['widgets']['rsswidgetheight'] = $_POST['rsswidgetheight'];
39
	$config['widgets']['rsswidgettextlength'] = $_POST['rsswidgettextlength'];
36
	$config['widgets']['rssfeed'] = str_replace("\n", ",", htmlspecialchars($_POST['rssfeed'], ENT_QUOTES | ENT_HTML401));
37
	$config['widgets']['rssmaxitems'] = str_replace("\n", ",", htmlspecialchars($_POST['rssmaxitems'], ENT_QUOTES | ENT_HTML401));
38
	$config['widgets']['rsswidgetheight'] = htmlspecialchars($_POST['rsswidgetheight'], ENT_QUOTES | ENT_HTML401);
39
	$config['widgets']['rsswidgettextlength'] = htmlspecialchars($_POST['rsswidgettextlength'], ENT_QUOTES | ENT_HTML401);
40 40
	write_config("Saved RSS Widget feed via Dashboard");
41 41
	header("Location: /");
42 42
}
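Review bot: escaping with htmlspecialchars() at the point where the value is written to $config (lines 36-39 of the new side) encodes on input rather than on output, and that changes the stored data: an `&` inside a feed URL's query string is saved as `&amp;`, so the comma-separated list in `$config['widgets']['rssfeed']` no longer contains the URL the user typed, and the template that later prints these values into HTML will escape them a second time (`&amp;amp;`) unless it is also changed. The three remaining fields are numeric settings, so the stronger fix is validation rather than HTML escaping: cast `rssmaxitems`, `rsswidgetheight` and `rsswidgettextlength` with `(int)` or reject them when `!is_numeric()` before the `write_config()` call, and keep `htmlspecialchars()` for the single place where each value is echoed into the page. Note also that the surrounding `if($_POST['rssfeed'])` only guards the first field; the other three are read unconditionally and should be checked with `isset()` before being passed on.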
......
48 48
if($config['widgets']['rssmaxitems'])
49 49
	$max_items =  $config['widgets']['rssmaxitems'];
50 50

  
51
if($config['widgets']['rsswidgetheight'])
51
if(is_numeric($config['widgets']['rsswidgetheight']))
52 52
	$rsswidgetheight =  $config['widgets']['rsswidgetheight'];
53 53

  
54
if($config['widgets']['rsswidgettextlength'])
54
if(is_numeric($config['widgets']['rsswidgettextlength']))
55 55
	$rsswidgettextlength =  $config['widgets']['rsswidgettextlength'];
56 56

  
57 57
// Set a default feed if none exists
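Review bot: `is_numeric()` on lines 51 and 54 of the new side is a reasonable guard, but it still accepts float strings, exponent notation such as `1e3`, and leading whitespace, so `$rsswidgetheight` and `$rsswidgettextlength` are not guaranteed to be plain integers when they are later used as a pixel height and a character count; `ctype_digit()` or an explicit `(int)` cast (with a sane upper bound) would be tighter. The same check is missing for `$max_items` on lines 48-49, which is read from `rssmaxitems` with no numeric test at all even though the first hunk treats it as data that needs sanitising. When the check fails the code silently falls through to the default value, which is acceptable for a widget, but it would help the reader to say so in a short comment next to the `if`.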
