Useless XSS fix.

Michael R Sweet 2008-10-20 22:47:29 +00:00
parent 6788efa5ce
commit 51e76f4109


@ -23,11 +23,18 @@ fclose($fp);
// Get form data, if any...
if (array_key_exists("FILE", $_GET))
{
$file = $_GET["FILE"];
if (strpos($file, "../") !== FALSE ||
!file_exists("/home/ftp.easysw.com/pub/$file"))
$file = "";
}
else
$file = "";
if (array_key_exists("SITE", $_GET))
if (array_key_exists("SITE", $_GET) &&
array_key_exists($_GET["SITE"], $PROJECT_SITELIST))
{
$site = $_GET["SITE"];
setcookie("SITE", $site, time() + 90 * 86400, "/");