Fix xss reported by Noccolo Picca relating to not sanitizing connkey

pull/3051/head
Isaac Connor 2020-09-16 14:14:31 -04:00
parent 147238027c
commit 9268db14a7
2 changed files with 3 additions and 3 deletions


@ -62,7 +62,7 @@ if ( !empty($_REQUEST['eid']) ) {
}
$focusWindow = true;
$connkey = isset($_REQUEST['connkey']) ? $_REQUEST['connkey'] : generateConnKey();
$connkey = isset($_REQUEST['connkey']) ? validInt($_REQUEST['connkey']) : generateConnKey();
xhtmlHeaders(__FILE__, translate('Download'));
?>
@ -75,7 +75,7 @@ xhtmlHeaders(__FILE__, translate('Download'));
<h2><?php echo translate('Download') ?></h2>
</div>
<div id="content">
<form name="contentForm" id="contentForm" method="post" action="<?php echo $_SERVER['PHP_SELF'] ?>">
<form name="contentForm" id="contentForm" method="post" action="?">
<input type="hidden" name="connkey" value="<?php echo $connkey; ?>"/>
<?php
if ( !empty($_REQUEST['eid']) ) {
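Review bot: The hidden `connkey` field in the second hunk still prints `$connkey` with a bare `echo`, so the XSS fix depends entirely on what `validInt()` returns, and that function is defined outside this page. Encoding at the sink keeps the output safe even if the helper changes or another assignment to `$connkey` is added later: `<input type="hidden" name="connkey" value="<?php echo htmlspecialchars($connkey, ENT_QUOTES) ?>"/>`. If `validInt()` only strips non-digit characters (not verifiable from this page), a `connkey` parameter containing no digits would presumably leave an empty key rather than falling back to `generateConnKey()`, so an empty result after validation deserves an explicit check. The same assignment is changed in the second file's hunk, where the output sink is not visible, and the enclosing PHP blocks start and end outside these hunks.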


@ -55,7 +55,7 @@ if (isset($_REQUEST['exportFormat'])) {
}
$focusWindow = true;
$connkey = isset($_REQUEST['connkey']) ? $_REQUEST['connkey'] : generateConnKey();
$connkey = isset($_REQUEST['connkey']) ? validInt($_REQUEST['connkey']) : generateConnKey();
xhtmlHeaders(__FILE__, translate('Export'));
?>