
XSS in Datenbankbeschreibung

Hanno authored on09/03/2019 09:28:36
@@ -37,7 +37,7 @@ if (isset($_GET['db'])) {
37 37
         }
38 38
     }
39 39
     $form = '<p>Ändern Sie hier die Beschreibung der Datenbank <strong>'.$thisdb['name'].'</strong>.</p>';
40
-    $form .= '<p><input type="text" name="description" value="'.$thisdb['description'].'" /></p>
40
+    $form .= '<p><input type="text" name="description" value="'.filter_input_general($thisdb['description']).'" /></p>
41 41
 <p><input type="submit" value="Speichern" /></p>';
42 42
     output(html_form('mysql_description', 'save', "action=description&db={$thisdb['name']}", $form));
43 43
 }
@@ -49,7 +49,7 @@ if (isset($_GET['username'])) {
49 49
         }
50 50
     }
51 51
     $form = '<p>Ändern Sie hier die Beschreibung der Datenbank <strong>'.$thisuser['username'].'</strong>.</p>';
52
-    $form .= '<p><input type="text" name="description" value="'.$thisuser['description'].'" /></p>
52
+    $form .= '<p><input type="text" name="description" value="'.filter_input_general($thisuser['description']).'" /></p>
53 53
 <p><input type="submit" value="Speichern" /></p>';
54 54
     output(html_form('mysql_description', 'save', "action=description&username={$thisuser['username']}", $form));
55 55
 }
@@ -78,7 +78,7 @@ if (count($dbs) > 0 || count($users) > 0) {
78 78
         $phpmyadmin = "https://mysql-{$servers[$db['name']]}/";
79 79
         $desc = '';
80 80
         if ($db['description']) {
81
-            $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.$db['description'].'</span>';
81
+            $desc = '<br /><span style="font-weight: normal; font-size: 80%; font-style: italic;">'.filter_input_general($db['description']).'</span>';
82 82
         }
83 83
         output("<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\"><span title=\"Erstellt: {$db['created']}\">{$db['name']}</span>".$desc."<br />");
84 84
         output(internal_link('description', other_icon("comment.png", 'Datenbank-Beschreibung ändern'), "db={$db['name']}")."&#160;");
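Review bot: The new calls at lines 40, 52 and 81 close the hole only if filter_input_general() also encodes the double quote, because the first two sit inside a value="…" attribute while the third is element content; the function's definition is not in this diff, so that cannot be confirmed here, and a name ending in _input reads like an input sanitizer rather than an output encoder. A context-explicit encoder states the intent and covers the attribute case: `.htmlspecialchars($thisdb['description'], ENT_QUOTES, 'UTF-8').` (and the same for $thisuser and $db). The unchanged interpolations on line 83, `{$db['created']}` inside title="…" and `{$db['name']}` in element content, reach the page the same way and deserve the same treatment unless those values are known to be constrained before they are stored. The if-blocks enclosing all three hunks begin outside the hunks.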