Fixed possible XSS attack when passing "javascript:" or a different protocol handler as parameter

Andreas Österreicher
2020-01-30 09:27:16 +01:00
parent 3bee0210a8
commit bb6ebc1521
+2 -2
@@ -70,7 +70,7 @@ if(defined('CIS_CHECK_PASSWORD_CHANGE') && CIS_CHECK_PASSWORD_CHANGE==true)
*/
function validURLCheck($param)
{
if(strstr($param,'://'))
if(strstr($param,':'))
{
// Der APP_ROOT muss in der URL vorkommen, sonfern es kein relativer Pfad ist
// HTTPS und HTTP
@@ -170,7 +170,7 @@ $db = new basis_db();
<script type="text/javascript" src="../vendor/components/jqueryui/jquery-ui.min.js"></script>
<script type="text/javascript" src="../include/js/jquery.ui.datepicker.translation.js"></script>
<script type="text/javascript" src="../vendor/jquery/sizzle/sizzle.js"></script>
<link rel="stylesheet" type="text/css" href="../vendor/twbs/bootstrap/dist/css/bootstrap.min.css">
<link rel="stylesheet" type="text/css" href="../vendor/twbs/bootstrap/dist/css/bootstrap.min.css">
</head>
<script type="text/javascript">
function changeSprache(sprache)
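Review bot: The widened test in validURLCheck, `if(strstr($param,':'))`, still treats every value without a colon as a relative path, so a scheme-relative reference beginning with `//` names another host yet never reaches the APP_ROOT comparison. Those values could be sent through the same branch, for example `if(strpos($param, ':') !== false || strpos(ltrim($param), '//') === 0)`. A sturdier form is an allow-list: parse the value with `parse_url()` and accept it only when it has no scheme and no host, or when it starts with APP_ROOT. The rest of the function and the place where the value is written into the page are outside the hunk, so it is worth confirming that the output is also escaped for its context (`htmlspecialchars()` with `ENT_QUOTES` for an attribute), because a character-based check on its own is a deny-list.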