[xoops-cvslog 397] CVS update: xoops2jp/html/include


onokazu onoka****@users*****
2005年 9月 5日 (月) 05:46:09 JST


Index: xoops2jp/html/include/commentform.inc.php
diff -u xoops2jp/html/include/commentform.inc.php:1.3 xoops2jp/html/include/commentform.inc.php:1.4
--- xoops2jp/html/include/commentform.inc.php:1.3	Sat Aug 13 12:41:44 2005
+++ xoops2jp/html/include/commentform.inc.php	Mon Sep  5 05:46:09 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: commentform.inc.php,v 1.3 2005/08/13 03:41:44 onokazu Exp $
+// $Id: commentform.inc.php,v 1.4 2005/09/04 20:46:09 onokazu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
Index: xoops2jp/html/include/common.php
diff -u xoops2jp/html/include/common.php:1.6 xoops2jp/html/include/common.php:1.7
--- xoops2jp/html/include/common.php:1.6	Wed Aug  3 21:39:11 2005
+++ xoops2jp/html/include/common.php	Mon Sep  5 05:46:09 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: common.php,v 1.6 2005/08/03 12:39:11 onokazu Exp $
+// $Id: common.php,v 1.7 2005/09/04 20:46:09 onokazu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
@@ -163,6 +163,10 @@
         if ( isset( $_SERVER[ 'QUERY_STRING' ] ) ) {
             $_SERVER[ 'REQUEST_URI' ] .= '?' . $_SERVER[ 'QUERY_STRING' ];
         }
+        
+        // Guard for XSS string of PHP_SELF
+        if(preg_match("/[\<\>\"\'\(\)]/",$_SERVER['REQUEST_URI']))
+            die();
     }
     $xoopsRequestUri = $_SERVER[ 'REQUEST_URI' ];       // Deprecated (use the corrected $_SERVER variable now)
     /**#@-*/
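Review bot: The added guard sits inside the block that rebuilds `$_SERVER['REQUEST_URI']`, and that block opens outside this hunk, so requests where the server already supplies REQUEST_URI presumably never reach the check. The comment names PHP_SELF while the test is on REQUEST_URI; something like `// Reject a rebuilt REQUEST_URI that contains HTML metacharacters (defence in depth; output must still be escaped)` would describe it accurately. A character blacklist on the request string does not replace escaping where the value is written into HTML, and it also turns away legitimate URLs that contain an apostrophe or parentheses. The bare `die();` returns an empty 200 response, which is hard to notice in logs; `header('HTTP/1.0 400 Bad Request'); exit();` would make rejected requests visible. The backslashes inside the character class are unnecessary apart from the one before the double quote.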
Index: xoops2jp/html/include/functions.php
diff -u xoops2jp/html/include/functions.php:1.4 xoops2jp/html/include/functions.php:1.5
--- xoops2jp/html/include/functions.php:1.4	Wed Aug  3 21:39:11 2005
+++ xoops2jp/html/include/functions.php	Mon Sep  5 05:46:09 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: functions.php,v 1.4 2005/08/03 12:39:11 onokazu Exp $
+// $Id: functions.php,v 1.5 2005/09/04 20:46:09 onokazu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
@@ -460,6 +460,15 @@
     //} else {
         $ret = isset($_SERVER[$key]) ? $_SERVER[$key] : $_ENV[$key];
     //}
+
+    switch($key) {
+        case 'PHP_SELF':
+        case 'PATH_INFO':
+        case 'PATH_TRANSLATED':
+            $ret = htmlspecialchars($ret,ENT_QUOTES);
+            break;
+    }
+
     return $ret;
 }
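Review bot: Escaping inside the getter means `PHP_SELF`, `PATH_INFO` and `PATH_TRANSLATED` now come back HTML-encoded for every caller, including callers that use them as a filesystem path, in a comparison or in a redirect, and callers that already escape will double-encode. The function's signature and docblock are outside this hunk, so the new contract should be recorded there, for example `// NOTE: PHP_SELF, PATH_INFO and PATH_TRANSLATED are returned HTML-escaped; do not escape again or use as a file path`. `htmlspecialchars($ret,ENT_QUOTES)` is called without a charset argument, so it relies on the PHP default, which may not match the site's page encoding. Direct reads of `$_SERVER['PHP_SELF']` elsewhere in the tree are not covered by this change; the commit converts one in notification_functions.php, and the rest would need the same audit. `REQUEST_URI` is not in the `switch` list and depends entirely on the guard added in common.php.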
 
Index: xoops2jp/html/include/notification_functions.php
diff -u xoops2jp/html/include/notification_functions.php:1.2 xoops2jp/html/include/notification_functions.php:1.3
--- xoops2jp/html/include/notification_functions.php:1.2	Fri Mar 18 21:51:55 2005
+++ xoops2jp/html/include/notification_functions.php	Mon Sep  5 05:46:09 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: notification_functions.php,v 1.2 2005/03/18 12:51:55 onokazu Exp $
+// $Id: notification_functions.php,v 1.3 2005/09/04 20:46:09 onokazu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
@@ -322,7 +322,7 @@
 	$all_categories =& notificationCategoryInfo ('', $module_id);
 
 	// FIXME: better or more standardized way to do this?
-	$script_url = explode('/', $_SERVER['PHP_SELF']);
+	$script_url = explode('/', xoops_getenv('PHP_SELF'));
 	$script_name = $script_url[count($script_url)-1];
 
 	$sub_categories = array();
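Review bot: `$script_name` is still taken as the last `/`-separated segment of PHP_SELF, and PHP_SELF can carry extra path information after the script file, so that segment is not guaranteed to be the script's own name. Routing the read through `xoops_getenv()` only HTML-escapes the value, which helps where it is echoed but does not make it a trustworthy file name. If the intent is the executing script, `$script_name = basename(xoops_getenv('SCRIPT_NAME'));` would be more robust. How `$script_name` is used lies outside this hunk, so confirm whether it is compared against configured file names or printed. The enclosing function starts and ends outside the hunk.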
Index: xoops2jp/html/include/registerform.php
diff -u xoops2jp/html/include/registerform.php:1.5 xoops2jp/html/include/registerform.php:1.6
--- xoops2jp/html/include/registerform.php:1.5	Sat Aug 13 12:41:44 2005
+++ xoops2jp/html/include/registerform.php	Mon Sep  5 05:46:09 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: registerform.php,v 1.5 2005/08/13 03:41:44 onokazu Exp $
+// $Id: registerform.php,v 1.6 2005/09/04 20:46:09 onokazu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
Index: xoops2jp/html/include/searchform.php
diff -u xoops2jp/html/include/searchform.php:1.3 xoops2jp/html/include/searchform.php:1.4
--- xoops2jp/html/include/searchform.php:1.3	Sat Aug 13 12:41:44 2005
+++ xoops2jp/html/include/searchform.php	Mon Sep  5 05:46:09 2005
@@ -1,5 +1,5 @@
 <?php
-// $Id: searchform.php,v 1.3 2005/08/13 03:41:44 onokazu Exp $
+// $Id: searchform.php,v 1.4 2005/09/04 20:46:09 onokazu Exp $
 //  ------------------------------------------------------------------------ //
 //                XOOPS - PHP Content Management System                      //
 //                    Copyright (c) 2000 XOOPS.org                           //
Index: xoops2jp/html/include/version.php
diff -u xoops2jp/html/include/version.php:1.9 xoops2jp/html/include/version.php:1.10
--- xoops2jp/html/include/version.php:1.9	Sat Aug 13 12:50:41 2005
+++ xoops2jp/html/include/version.php	Mon Sep  5 05:46:09 2005
@@ -1,4 +1,4 @@
 <?php
-// $Id: version.php,v 1.9 2005/08/13 03:50:41 onokazu Exp $
-define("XOOPS_VERSION","XOOPS 2.0.11.1 JP");
+// $Id: version.php,v 1.10 2005/09/04 20:46:09 onokazu Exp $
+define("XOOPS_VERSION","XOOPS 2.0.12 JP");
 ?>
\ No newline at end of file

