SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().
authorDan Fuhry <dan@enanocms.org>
Mon, 28 Jun 2010 10:43:04 -0400
changeset 1253 13f8d373da67
parent 1252 e34c23a35dc9
child 1254 221d14331ebe
SECURITY: Multiple XSS in Special:ChangeStyle. Reported by Mesut Timur of Mavituna Security - thanks! Also removed my stand-in for ucfirst().
includes/functions.php
includes/sessions.php
plugins/SpecialUserFuncs.php
--- a/includes/functions.php	Wed Jun 02 21:58:26 2010 -0400
+++ b/includes/functions.php	Mon Jun 28 10:43:04 2010 -0400
@@ -1443,17 +1443,6 @@
 }
 
 /**
- * Capitalizes the first letter of a string
- * @param $text string the text to be transformed
- * @return string
- */
-
-function capitalize_first_letter($text)
-{
-	return strtoupper(substr($text, 0, 1)) . substr($text, 1);
-}
-
-/**
  * Checks if a value in a bitfield is on or off
  * @param $bitfield int the bit-field value
  * @param $value int the value to switch off
--- a/includes/sessions.php	Wed Jun 02 21:58:26 2010 -0400
+++ b/includes/sessions.php	Mon Jun 28 10:43:04 2010 -0400
@@ -2841,7 +2841,7 @@
 		{
 			if(!$desc)
 			{
-				$desc = capitalize_first_letter(str_replace('_', ' ', $acl_type));
+				$desc = ucfirst(str_replace('_', ' ', $acl_type));
 			}
 			$this->acl_types[$acl_type] = $default_perm;
 			$this->acl_descs[$acl_type] = $desc;
--- a/plugins/SpecialUserFuncs.php	Wed Jun 02 21:58:26 2010 -0400
+++ b/plugins/SpecialUserFuncs.php	Mon Jun 28 10:43:04 2010 -0400
@@ -1244,13 +1244,13 @@
 										{
 											echo ' selected="selected"';
 										}
-										echo '>' . $t['theme_name'] . '</option>';
+										echo '>' . htmlspecialchars($t['theme_name']) . '</option>';
 									}
 								}
  							?>
 							</select>
 						</p>
-						<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
+						<p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" />
  							<input type="submit" name="themeselected" value="<?php echo $lang->get('userfuncs_changetheme_btn_continue'); ?>" /></p>
 					<?php } else { 
 						$theme = $_POST['theme'];
@@ -1276,13 +1276,13 @@
 									} else die($dir.' is not a dir');
 									foreach ( $list as $l )
 									{
-										echo '<option value="'.$l.'">'.capitalize_first_letter($l).'</option>';
+										echo '<option value="'.$l.'">'.ucfirst($l).'</option>';
 									}
 								?>
 							</select>
 						</p>
-						<p><input type="hidden" name="return_to" value="<?php echo $ret; ?>" />
- 							<input type="hidden" name="theme" value="<?php echo $theme; ?>" />
+						<p><input type="hidden" name="return_to" value="<?php echo htmlspecialchars($ret); ?>" />
+ 							<input type="hidden" name="theme" value="<?php echo htmlspecialchars($theme); ?>" />
  							<input type="submit" name="allclear" value="<?php echo $lang->get('userfuncs_changetheme_btn_allclear'); ?>" /></p>
 					<?php } ?>
 				</form>
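Review bot: The `$l` loop variable in the rewritten `echo '<option value="'.$l.'">'.ucfirst($l).'</option>';` line is still written unescaped into both the `value` attribute and the option text, while every other dynamic value in this hunk now goes through `htmlspecialchars()`. `$l` comes from the directory listing in `$list`, so it is presumably filesystem-controlled rather than request-controlled, but escaping it keeps the output context safe regardless of where the names originate: `echo '<option value="' . htmlspecialchars($l) . '">' . ucfirst(htmlspecialchars($l)) . '</option>';`. Since the attribute values on the `return_to` and `theme` inputs are double-quoted, the default `htmlspecialchars()` flags are sufficient here, though passing `ENT_QUOTES` explicitly would make that independent of the quoting style if a template is later changed. The enclosing form-rendering code starts and ends outside this hunk.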