From ba7ec8e256095281099af35fb79b832051c612e6 Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 2 Jul 2011 09:39:08 -0400 Subject: added note about preventing reflected XSS vulnerabilities. --- engine/lib/input.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'engine') diff --git a/engine/lib/input.php b/engine/lib/input.php index 84752bc7d..56ec214dc 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -10,8 +10,13 @@ /** * Get some input from variables passed on the GET or POST line. * + * If using any data obtained from get_input() in a web page, please be aware that + * it is a possible vector for a reflected XSS attack. If you are expecting an + * integer, cast it to an int. If it is a string, escape quotes. + * * Note: this function does not handle nested arrays (ex: form input of param[m][n]) * because of the filtering done in htmlawed from the filter_tags call. + * @todo Is this ^ still? * * @param string $variable The variable we want to return. * @param mixed $default A default value for the variable if it is not found. -- cgit v1.2.3 From 3beedd84a7dbcf7a17a75248473302320653d231 Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 2 Jul 2011 10:26:39 -0400 Subject: fixed river for #3544 --- engine/lib/river.php | 3 +++ pages/river.php | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'engine') diff --git a/engine/lib/river.php b/engine/lib/river.php index 36dde7f05..1a2be1e50 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -589,10 +589,13 @@ function elgg_river_page_handler($page) { elgg_set_page_owner_guid(elgg_get_logged_in_user_guid()); + // make a URL segment available in page handler script $page_type = elgg_extract(0, $page, 'all'); + $page_type = preg_replace('[\W]', '', $page_type); if ($page_type == 'owner') { $page_type = 'mine'; } + set_input('page_type', $page_type); // content filter code here $entity_type = ''; diff --git a/pages/river.php b/pages/river.php index fa559d59b..5770084ab 100644 --- a/pages/river.php +++ b/pages/river.php @@ -3,12 +3,12 @@ * Main activity stream list page */ -// $page_type comes from the page handler function - $options = array(); -$type = get_input('type', 'all'); -$subtype = get_input('subtype', ''); +$page_type = preg_replace('[\W]', '', get_input('page_type', 'all')); +$type = preg_replace('[\W]', '', get_input('type', 'all')); +$active_section = +$subtype = preg_replace('[\W]', '', get_input('subtype', '')); if ($subtype) { $selector = "type=$type&subtype=$subtype"; } else { -- cgit v1.2.3