Mibew/tray
1
0
Fork 0
mirror of https://github.com/Mibew/tray.git synced 2025-01-22 18:10:34 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix XSS problem in leavemessage

Browse Source
This commit is contained in:
Evgeny Gryaznov 2011-02-16 02:17:30 +01:00
parent 7b5f6192b5
commit 13e5ac59a6
4 changed files with 94 additions and 94 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/messenger/webim/libs/chat.php
View File

@ -288,7 +288,7 @@ function setup_leavemessage($name, $email, $message, $groupid, $groupname, $info
$page['showcaptcha'] = $settings["enablecaptcha"] == "1" && $canshowcaptcha ? "1" : "";
$page['formgroupid'] = $groupid;
$page['formgroupname'] = $groupname;
$page['info'] = topage($info);
$page['forminfo'] = topage($info);
$page['referrer'] = urlencode(topage($referrer));
}

2
src/messenger/webim/styles/default/templates/leavemessage.tpl
View File

@ -43,7 +43,7 @@
<form name="leaveMessageForm" method="post" action="${webimroot}/leavemessage.php">
<input type="hidden" name="style" value="${styleid}"/>
<input type="hidden" name="info" value="${page:info}"/>
<input type="hidden" name="info" value="${form:info}"/>
<input type="hidden" name="referrer" value="${page:referrer}"/>
${if:formgroupid}<input type="hidden" name="group" value="${form:groupid}"/>${endif:formgroupid}
<table width="100%" cellspacing="0" cellpadding="0" border="0">

2
src/messenger/webim/styles/original/templates/leavemessage.tpl
View File

@ -28,7 +28,7 @@
<form name="leaveMessageForm" method="post" action="${webimroot}/leavemessage.php">
<input type="hidden" name="style" value="${styleid}"/>
<input type="hidden" name="info" value="${page:info}"/>
<input type="hidden" name="info" value="${form:info}"/>
<input type="hidden" name="referrer" value="${page:referrer}"/>
${if:formgroupid}<input type="hidden" name="group" value="${form:groupid}"/>${endif:formgroupid}
<table width="100%" style="height:100%;" cellspacing="0" cellpadding="0" border="0">

2
src/messenger/webim/styles/simplicity/templates/leavemessage.tpl
View File

@ -9,7 +9,7 @@
<div id="whitebg">
<form name="leaveMessageForm" method="post" action="${webimroot}/leavemessage.php">
<input type="hidden" name="style" value="${styleid}"/>
<input type="hidden" name="info" value="${page:info}"/>
<input type="hidden" name="info" value="${form:info}"/>
<input type="hidden" name="referrer" value="${page:referrer}"/>
${if:formgroupid}<input type="hidden" name="group" value="${form:groupid}"/>${endif:formgroupid}
<table cellpadding="0" cellspacing="5" border="0" width="100%">