Upstream/dynmap
1
0
Fork 0
mirror of https://github.com/webbukkit/dynmap.git synced 2025-01-12 10:50:37 +01:00
Code Issues Projects Releases Wiki Activity

multiple cross-site scripting reflected fixed

Browse Source
This commit is contained in:
Michele0303 2022-08-02 19:55:09 +02:00
parent b5ac020a56
commit 8909fea4b1
7 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DynmapCore/src/main/resources/extracted/web/standalone/MySQL_tiles.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_markers.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/PostgreSQL_tiles.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/SQLite_markers.php
View File

@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/SQLite_tiles.php
View File

@ -17,7 +17,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/markers.php
View File

@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";

2
DynmapCore/src/main/resources/extracted/web/standalone/tiles.php
View File

@ -24,7 +24,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['tile'];
$path = htmlspecialchars($_REQUEST['tile']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";