Mercurial Mercurial > repos > enano-1.1 / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
files/index.php
author Dan
Sat, 19 Jan 2008 00:47:52 -0500
changeset 447 a9a3789ce02d
parent 312 6c7060d36a23
permissions -rw-r--r--
Not sure if $taboo was getting sanitized or not. Possibly an SQL injection vulnerability that allows maliciously crafted group names to inject SQL at a later date when the group CP is loaded. Unconfirmed, theoretical fix.

<?php

$title = 'Access denied';
require('../includes/common.php');
header('HTTP/1.1 403 Forbidden');

$template->header();
echo '<p>The administrator has flagged the page "' . htmlspecialchars($_SERVER['REQUEST_URI']) . '" so that it cannot be accessed from the web. Perhaps this is because this is a cache or includes directory and only needs to be accessed by scripts.</p><p>HTTP error: 403 Forbidden</p>';
$template->footer();
Enano CMS (1.1.x)