XSS-Fehler
bernd

bernd commited on 2007-07-30 15:27:13
Zeige 1 geänderte Dateien mit 1 Einfügungen und 1 Löschungen.


git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@572 87cf0b9e-d624-0410-a070-f6ee81989793
... ...
@@ -57,7 +57,7 @@ function set_systemuser_details($uid, $fullname, $quota)
57 57
 {
58 58
   $uid = (int) $uid;
59 59
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
60
-  $fullname = maybe_null(mysql_real_escape_string($fullname));
60
+  $fullname = maybe_null(mysql_real_escape_string(filter_input_general($fullname)));
61 61
   $quota = (int) $quota;
62 62
 
63 63
   db_query("UPDATE system.useraccounts SET name={$fullname} WHERE kunde={$customerno} AND uid={$uid} LIMIT 1");
64 64
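Review bot: Filtering `$fullname` on the write path (new line 60) only covers values stored through this function after this commit. Rows already in `system.useraccounts` and any other code that writes `name` are unaffected, so the pages that print the name should still encode it at output, e.g. `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`. What `filter_input_general()` strips or rejects is not visible in this hunk, so a one-line comment there would help, for instance `// XSS: filtered on input; output must still be HTML-escaped`. The order is right: filter first, then `mysql_real_escape_string()` as the last step before the value reaches the SQL string. The body of `set_systemuser_details` continues outside the hunk, so how `$quota` is used cannot be checked from here.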