Upstream
/
dynmap
mirror of https://github.com/webbukkit/dynmap.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

multiple cross-site scripting reflected fixed

This commit is contained in:
Michele0303 2022-08-02 19:55:09 +02:00
parent b5ac020a56
commit 8909fea4b1
7 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DynmapCore/src/main/resources/extracted/web/standalone/MySQL_tiles.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_markers.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_tiles.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/SQLite_markers.php
View File

@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/SQLite_tiles.php
View File

@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/markers.php
View File

@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/tiles.php
View File

@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";