mirror of https://github.com/webbukkit/dynmap.git
Merge pull request #3814 from Michele0303/v3.0
Fixed multiple reflected cross-site scripting issues
commit
171b7c9e54
|
@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
|
||||||
$loggedin = true;
|
$loggedin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $_REQUEST['marker'];
|
$path = htmlspecialchars($_REQUEST['marker']);
|
||||||
if ((!isset($path)) || strstr($path, "..")) {
|
if ((!isset($path)) || strstr($path, "..")) {
|
||||||
header('HTTP/1.0 500 Error');
|
header('HTTP/1.0 500 Error');
|
||||||
echo "<h1>500 Error</h1>";
|
echo "<h1>500 Error</h1>";
|
||||||
|
|
|
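Review bot: The `!isset($path)` guard on the line after the changed assignment can no longer fire, because `htmlspecialchars()` returns an empty string for a missing parameter, so a request without `marker` now falls through with an empty `$path` instead of getting the 500 response. Test the raw parameter before encoding, for example `if (!isset($_REQUEST['marker']) || !is_string($_REQUEST['marker']) || strstr($_REQUEST['marker'], ".."))`. The `is_string` check also rejects an array-valued `marker[]=`, which `htmlspecialchars()` does not accept (a TypeError on PHP 8). The other seven hunks on this page (`marker` and `tile`) repeat the same pattern, and the script continues outside each hunk.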
@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
|
||||||
$loggedin = true;
|
$loggedin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $_REQUEST['tile'];
|
$path = htmlspecialchars($_REQUEST['tile']);
|
||||||
if ((!isset($path)) || strstr($path, "..")) {
|
if ((!isset($path)) || strstr($path, "..")) {
|
||||||
header('HTTP/1.0 500 Error');
|
header('HTTP/1.0 500 Error');
|
||||||
echo "<h1>500 Error</h1>";
|
echo "<h1>500 Error</h1>";
|
||||||
|
|
|
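Review bot: Escaping `$_REQUEST['tile']` at assignment means everything after this hunk works on HTML-encoded text, so the lookup that uses `$path` (outside the hunk, presumably a file or database key) would no longer match a name containing `&`, `<`, `>` or `"`. Output encoding belongs where the value is written into the response: keep `$path = $_REQUEST['tile'];` for validation and lookup, and wrap only the echoed value as `htmlspecialchars($path, ENT_QUOTES, 'UTF-8')`. Passing `ENT_QUOTES` explicitly matters because the default flags before PHP 8.1 leave single quotes unescaped, which is not enough inside a single-quoted attribute. The `marker` hunks on this page have the same shape.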
@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
|
||||||
$loggedin = true;
|
$loggedin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $_REQUEST['marker'];
|
$path = htmlspecialchars($_REQUEST['marker']);
|
||||||
if ((!isset($path)) || strstr($path, "..")) {
|
if ((!isset($path)) || strstr($path, "..")) {
|
||||||
header('HTTP/1.0 500 Error');
|
header('HTTP/1.0 500 Error');
|
||||||
echo "<h1>500 Error</h1>";
|
echo "<h1>500 Error</h1>";
|
||||||
|
|
|
@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
|
||||||
$loggedin = true;
|
$loggedin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $_REQUEST['tile'];
|
$path = htmlspecialchars($_REQUEST['tile']);
|
||||||
if ((!isset($path)) || strstr($path, "..")) {
|
if ((!isset($path)) || strstr($path, "..")) {
|
||||||
header('HTTP/1.0 500 Error');
|
header('HTTP/1.0 500 Error');
|
||||||
echo "<h1>500 Error</h1>";
|
echo "<h1>500 Error</h1>";
|
||||||
|
|
|
@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
|
||||||
$loggedin = true;
|
$loggedin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $_REQUEST['marker'];
|
$path = htmlspecialchars($_REQUEST['marker']);
|
||||||
if ((!isset($path)) || strstr($path, "..")) {
|
if ((!isset($path)) || strstr($path, "..")) {
|
||||||
header('HTTP/1.0 500 Error');
|
header('HTTP/1.0 500 Error');
|
||||||
echo "<h1>500 Error</h1>";
|
echo "<h1>500 Error</h1>";
|
||||||
|
|
|
@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
|
||||||
$loggedin = true;
|
$loggedin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $_REQUEST['tile'];
|
$path = htmlspecialchars($_REQUEST['tile']);
|
||||||
if ((!isset($path)) || strstr($path, "..")) {
|
if ((!isset($path)) || strstr($path, "..")) {
|
||||||
header('HTTP/1.0 500 Error');
|
header('HTTP/1.0 500 Error');
|
||||||
echo "<h1>500 Error</h1>";
|
echo "<h1>500 Error</h1>";
|
||||||
|
|
|
@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
|
||||||
$loggedin = true;
|
$loggedin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $_REQUEST['marker'];
|
$path = htmlspecialchars($_REQUEST['marker']);
|
||||||
if ((!isset($path)) || strstr($path, "..")) {
|
if ((!isset($path)) || strstr($path, "..")) {
|
||||||
header('HTTP/1.0 500 Error');
|
header('HTTP/1.0 500 Error');
|
||||||
echo "<h1>500 Error</h1>";
|
echo "<h1>500 Error</h1>";
|
||||||
|
|
|
@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
|
||||||
$loggedin = true;
|
$loggedin = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
$path = $_REQUEST['tile'];
|
$path = htmlspecialchars($_REQUEST['tile']);
|
||||||
if ((!isset($path)) || strstr($path, "..")) {
|
if ((!isset($path)) || strstr($path, "..")) {
|
||||||
header('HTTP/1.0 500 Error');
|
header('HTTP/1.0 500 Error');
|
||||||
echo "<h1>500 Error</h1>";
|
echo "<h1>500 Error</h1>";
|
||||||
|
|