Upstream
/
dynmap
mirror of https://github.com/webbukkit/dynmap.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #3814 from Michele0303/v3.0 

multiple cross-site scripting reflected fixed
This commit is contained in:
mikeprimm 2022-08-13 23:13:58 -05:00 committed by GitHub
parent 7ddecaa566 e2da0efd8e
commit 171b7c9e54
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 8 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DynmapCore/src/main/resources/extracted/web/standalone/MySQL_markers.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/MySQL_tiles.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_markers.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_tiles.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/SQLite_markers.php
View File

@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/SQLite_tiles.php
View File

@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/markers.php
View File

@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/tiles.php
View File

@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";