Prevent XSS from COOKIE poisoning

pull/3812/head
Isaac Connor 2024-01-25 19:23:28 -05:00
parent bf32bd6926
commit d8f36e4ef9
1 changed files with 6 additions and 4 deletions


@ -96,28 +96,30 @@ zm_session_start();
if ( isset($_REQUEST['scale']) ) {
$options['scale'] = validInt($_REQUEST['scale']);
} else if ( isset($_COOKIE['zmCycleScale']) ) {
$options['scale'] = $_COOKIE['zmCycleScale'];
$options['scale'] = validInt($_COOKIE['zmCycleScale']);
} else if ( $monitor ) {
$options['scale'] = $monitor->DefaultScale();
$options['scale'] = validInt($monitor->DefaultScale());
}
if ( !isset($options['scale']) )
$options['scale'] = 100;
if ( isset($_COOKIE['zmCycleWidth']) and $_COOKIE['zmCycleWidth'] ) {
$_COOKIE['zmCycleWidth'] = preg_replace('/[^0-9A-Za-z%]/', '', $_COOKIE['zmCycleWidth']);
$_SESSION['zmCycleWidth'] = $options['width'] = $_COOKIE['zmCycleWidth'];
#} elseif ( isset($_SESSION['zmCycleWidth']) and $_SESSION['zmCycleWidth'] ) {
#$options['width'] = $_SESSION['zmCycleWidth'];
} else {
$options['width'] = '';
$options['width'] = 'auto';
}
if ( isset($_COOKIE['zmCycleHeight']) and $_COOKIE['zmCycleHeight'] ) {
$_COOKIE['zmCycleHeight'] = preg_replace('/[^0-9A-Za-z%]/', '', $_COOKIE['zmCycleHeight']);
$_SESSION['zmCycleHeight'] = $options['height'] = $_COOKIE['zmCycleHeight'];
#else if ( isset($_SESSION['zmCycleHeight']) and $_SESSION['zmCycleHeight'] )
#$options['height'] = $_SESSION['zmCycleHeight'];
} else {
$options['height'] = '';
$options['height'] = 'auto';
}
session_write_close();
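Review bot: The character-stripping in the new `preg_replace('/[^0-9A-Za-z%]/', '', ...)` lines for zmCycleWidth and zmCycleHeight can leave an empty string (a cookie made only of rejected characters is reduced to `''`), which is then stored in `$_SESSION` and `$options['width']`/`$options['height']` so the new `'auto'` default in the else branches is never reached, and a payload is silently rewritten rather than refused. A validate-or-default form is easier to reason about and keeps the session value well-formed: if the accepted values are the ones the allowlist and the `'auto'` default suggest, `$width = preg_match('/^(?:\d+(?:px|%)?|auto)$/', $_COOKIE['zmCycleWidth']) ? $_COOKIE['zmCycleWidth'] : 'auto';` followed by `$_SESSION['zmCycleWidth'] = $options['width'] = $width;`, and the same for height. Assigning back into `$_COOKIE` is also worth avoiding, since later code reading the superglobal cannot tell a sanitized value from the raw one; a local variable makes the boundary explicit. The allowlist is a sound defense-in-depth layer, but whether the value is still escaped at its output sink (`htmlspecialchars` or an attribute/style-specific escaper) cannot be confirmed from this hunk.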