ZoneMinder
/
zoneminder
mirror of https://github.com/ZoneMinder/zoneminder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

handle undefined HTTP_REFERER, and escape zone name

pull/4202/head
Isaac Connor 2022-04-27 21:52:31 -04:00
parent 6d1c759dab
commit bdd2d171c6
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
web/skins/classic/views/zone.php
View File

@ -131,7 +131,7 @@ xhtmlHeaders(__FILE__, translate('Zone'));
</div>
<div id="content">
<form name="zoneForm" id="zoneForm" method="post" action="?">
<input type="hidden" name="REFERER" value="<?php echo $_SERVER['HTTP_REFERER'] ?>"/>
<input type="hidden" name="REFERER" value="<?php echo isset($_SERVER['HTTP_REFERER']) ? validHtmlStr($_SERVER['HTTP_REFERER']) : '' ?>"/>
<input type="hidden" name="view" value="<?php echo $view ?>"/>
<input type="hidden" name="action" value="zone"/>
<input type="hidden" name="mid" value="<?php echo $mid ?>"/>
@ -183,7 +183,7 @@ if ( count($other_zones) ) {
<tbody>
<tr>
<th scope="row"><?php echo translate('Name') ?></th>
<td colspan="2"><input type="text" name="newZone[Name]" value="<?php echo $newZone['Name'] ?>"/></td>
<td colspan="2"><input type="text" name="newZone[Name]" value="<?php echo validHtmlStr($newZone['Name']) ?>"/></td>
</tr>
<tr>
<th scope="row"><?php echo translate('Type') ?></th>