
Changeset 1460325


Timestamp:
07/25/2016 04:46:42 PM (10 years ago)
Author:
warkior
Message:

Potential security hole fixes.

Location:
formbuilder/trunk
Files:
4 edited

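--- a/formbuilder/trunk/extensions/formbuilder_xml_db_results.class.php
+++ b/formbuilder/trunk/extensions/formbuilder_xml_db_results.class.php
@@ -580,5 +580,5 @@
         if(isset($_GET['searchQuery']))
         {
-            $searchQuery = $_GET['searchQuery'];
+            $searchQuery = htmlentities($_GET['searchQuery']);
         }
        
@@ -671,5 +671,5 @@
                     if(isset($_GET['formSearchQuery']) AND $_GET['formSearchQuery'] != "")
                     {
-                        $searchQuery = $_GET['formSearchQuery'];
+                        $searchQuery = htmlentities($_GET['formSearchQuery'], ENT_QUOTES);
                         $searchQuery = str_replace("\'", "", $searchQuery);
                         $searchQuery = str_replace("'", "", $searchQuery);
@@ -683,8 +683,8 @@
                 <div class='formHeadBox'>
                     <form name='formSearchBox' method='get' action=''>
-                        <?php if(isset($_GET['page'])) { ?><input type="hidden" name="page" value="<?php echo $_GET['page']; ?>" /><?php } ?>
-                        <?php if(isset($_GET['fbaction'])) { ?><input type="hidden" name="fbaction" value="<?php echo $_GET['fbaction']; ?>" /><?php } ?>
-                        <?php if(isset($_GET['pageNumber'])) { ?><input type="hidden" name="pageNumber" value="<?php echo $_GET['pageNumber']; ?>" /><?php } ?>
-                        <?php if(isset($_GET['formFilterID'])) { ?><input type="hidden" name="formFilterID" value="<?php echo $_GET['formFilterID']; ?>" /><?php } ?>
+                        <?php if(isset($_GET['page'])) { ?><input type="hidden" name="page" value="<?php echo htmlentities($_GET['page']); ?>" /><?php } ?>
+                        <?php if(isset($_GET['fbaction'])) { ?><input type="hidden" name="fbaction" value="<?php echo htmlentities($_GET['fbaction']); ?>" /><?php } ?>
+                        <?php if(isset($_GET['pageNumber'])) { ?><input type="hidden" name="pageNumber" value="<?php echo htmlentities($_GET['pageNumber']); ?>" /><?php } ?>
+                        <?php if(isset($_GET['formFilterID'])) { ?><input type="hidden" name="formFilterID" value="<?php echo htmlentities($_GET['formFilterID']); ?>" /><?php } ?>
                         <input type="text" name="formSearchQuery" value="<?php echo $searchQuery; ?>" helptext="Search..." />
                         <input type="submit" name="submit" value="Find" />
@@ -736,8 +736,8 @@
                             <option value='orphaned' <?php if(isset($_GET['formFilterID']) AND $_GET['formFilterID'] == 'orphaned') { ?>selected='selected'<?php  } ?>>Show Orphaned Forms</option>
                         </select>
-                        <?php if(isset($_GET['page'])) { ?><input type="hidden" name="page" value="<?php echo $_GET['page']; ?>" /><?php } ?>
-                        <?php if(isset($_GET['fbaction'])) { ?><input type="hidden" name="fbaction" value="<?php echo $_GET['fbaction']; ?>" /><?php } ?>
-                        <?php if(isset($_GET['pageNumber'])) { ?><input type="hidden" name="pageNumber" value="<?php echo $_GET['pageNumber']; ?>" /><?php } ?>
-                        <?php if(isset($_GET['formSearchQuery'])) { ?><input type="hidden" name="formSearchQuery" value="<?php echo $_GET['formSearchQuery']; ?>" /><?php } ?>
+                        <?php if(isset($_GET['page'])) { ?><input type="hidden" name="page" value="<?php echo htmlentities($_GET['page']); ?>" /><?php } ?>
+                        <?php if(isset($_GET['fbaction'])) { ?><input type="hidden" name="fbaction" value="<?php echo htmlentities($_GET['fbaction']); ?>" /><?php } ?>
+                        <?php if(isset($_GET['pageNumber'])) { ?><input type="hidden" name="pageNumber" value="<?php echo htmlentities($_GET['pageNumber']); ?>" /><?php } ?>
+                        <?php if(isset($_GET['formSearchQuery'])) { ?><input type="hidden" name="formSearchQuery" value="<?php echo htmlentities($_GET['formSearchQuery']); ?>" /><?php } ?>
                         <input type="submit" name="submit" value="Go" />
                     </form>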
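Review bot: The two `$searchQuery` assignments (new lines 582 and 673) HTML-encode the request value where it is read rather than where it is printed, so the variable that presumably drives the search now holds entity-encoded text. A term containing `&`, `<` or a quote can no longer compare equal to stored data, `htmlentities()` gives no protection if `$searchQuery` later reaches a SQL statement (not visible in these hunks), and the two `str_replace()` calls after line 673 can no longer match anything once `ENT_QUOTES` has turned the quote into `&#039;`. I would keep the unencoded value for matching, e.g. `$searchQuery = sanitize_text_field(wp_unslash($_GET['formSearchQuery']));`, and escape only in the template with `value="<?php echo esc_attr($searchQuery); ?>"`. The same encode-on-input pattern appears in `options_default.inc.php` line 117 and `formbuilder_parser.php` line 43. The enclosing functions start and end outside the hunks.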
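--- a/formbuilder/trunk/html/options_default.inc.php
+++ b/formbuilder/trunk/html/options_default.inc.php
@@ -34,6 +34,6 @@
         ?>
         <form class='formSearch' name="formSearch" method="GET" action="<?php echo FB_ADMIN_PLUGIN_PATH; ?>">
-            <input name='page' type="hidden" value="<?php echo $_GET['page']; ?>" />
-            <input name='pageNumber' type="hidden" value="<?php echo $_GET['pageNumber']; ?>" />
+            <input name='page' type="hidden" value="<?php echo htmlentities($_GET['page']); ?>" />
+            <input name='pageNumber' type="hidden" value="<?php echo htmlentities($_GET['pageNumber']); ?>" />
             <input name='formSearch' type="text" size="10" value="<?php echo $formSearch; ?>" />
             <input class='searchButton' name='Search' type="submit" value="Search" />
@@ -115,5 +115,5 @@
                
                 if(isset($_GET['pageNumber']))
-                    $page = $_GET['pageNumber'];
+                    $page = htmlentities($_GET['pageNumber']);
                 else
                     $page = "";
@@ -140,5 +140,5 @@
                     <div width='125' style='float: right; text-align: right;'>
                         <?php echo $nav; ?>
-                    </span>
+                    </div>
                 </th>
             </tr>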
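Review bot: Line 38 still prints `$formSearch` into a `value` attribute unescaped while the two inputs above it are now encoded; where `$formSearch` is assigned is outside the hunk, so if it comes from `$_GET['formSearch']` the search box remains a reflected-XSS sink. Escaping at the echo closes it regardless of the source: `value="<?php echo esc_attr($formSearch); ?>"`. Lines 36-37 also read `$_GET['page']` and `$_GET['pageNumber']` without an `isset()` check, and if `$page` at line 117 is only ever used as a number, `$page = absint($_GET['pageNumber']);` validates it where HTML-encoding does not.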
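--- a/formbuilder/trunk/php/formbuilder_admin_functions.php
+++ b/formbuilder/trunk/php/formbuilder_admin_functions.php
@@ -24,4 +24,6 @@
     function formbuilder_admin_alert($msg = '', $msg2 = '')
     {
+        $msg = htmlentities($msg);
+        $msg2 = htmlentities($msg2);
         if($msg2 AND $msg) echo "<div class='updated'><p><strong>$msg</strong><br/>$msg2</p></div>";
         elseif($msg) echo "<div class='updated'><p><strong>$msg</strong></p></div>";
@@ -31,4 +33,6 @@
     function formbuilder_admin_warning($msg = '', $msg2 = '')
     {
+        $msg = htmlentities($msg);
+        $msg2 = htmlentities($msg2);
         if($msg2 AND $msg) echo "<div class='error'><p><strong>$msg</strong><br/>$msg2</p></div>";
         elseif($msg) echo "<div class='error'><p><strong>$msg</strong></p></div>";
@@ -83,7 +87,9 @@
         // Allow for alternate systems to do something with the action.
         // If nothing is returned, proceed with the regular built-in functions.
-        $result = apply_filters('formbuilder_display_options_page', $_GET['fbaction']);
+        $result = apply_filters('formbuilder_display_options_page', htmlentities($_GET['fbaction']));
         if(!empty($result))
             return;
+
+        $entityFbId = htmlentities($_GET['fbid']);
        
         switch($_GET['fbaction']) {
@@ -94,9 +100,9 @@
 
             case "editForm":
-                formbuilder_options_editForm($_GET['fbid']);
+                formbuilder_options_editForm($entityFbId);
             break;
 
             case "exportForm":
-                formbuilder_options_exportForm($_GET['fbid']);
+                formbuilder_options_exportForm($entityFbId);
             break;
 
@@ -106,13 +112,13 @@
 
             case "editFormObject":
-                formbuilder_options_editFormObject($_GET['fbid']);
+                formbuilder_options_editFormObject($entityFbId);
             break;
 
             case "copyForm":
-                formbuilder_options_copyForm($_GET['fbid']);
+                formbuilder_options_copyForm($entityFbId);
             break;
 
             case "removeForm":
-                formbuilder_options_removeForm($_GET['fbid']);
+                formbuilder_options_removeForm($entityFbId);
             break;
 
@@ -122,13 +128,13 @@
 
             case "editResponse":
-                formbuilder_options_editResponse($_GET['fbid']);
+                formbuilder_options_editResponse($entityFbId);
             break;
 
             case "copyResponse":
-                formbuilder_options_copyResponse($_GET['fbid']);
+                formbuilder_options_copyResponse($entityFbId);
             break;
 
             case "removeResponse":
-                formbuilder_options_removeResponse($_GET['fbid']);
+                formbuilder_options_removeResponse($entityFbId);
                 formbuilder_options_default();
             break;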
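Review bot: `$entityFbId = htmlentities($_GET['fbid']);` (new line 93) is the only check on the id handed to the edit/copy/remove handlers, and HTML-encoding is not validation: it leaves digits, spaces and most other characters untouched, so it does nothing for a handler that builds a query from the id (the handlers are outside this diff). It also reads `$_GET['fbid']` unconditionally, which raises an undefined-index notice on actions that carry no id. If ids are numeric, as the name suggests, `$entityFbId = isset($_GET['fbid']) ? absint($_GET['fbid']) : 0;` covers both. Separately, `removeForm` and `removeResponse` are state-changing actions dispatched from a GET parameter, and no nonce check such as `check_admin_referer()` is visible in these hunks; it is worth confirming one exists in the handlers. The switch sits in a function whose start and end are outside the hunks.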
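--- a/formbuilder/trunk/php/formbuilder_parser.php
+++ b/formbuilder/trunk/php/formbuilder_parser.php
@@ -41,5 +41,5 @@
     $field = $results[0];
 
-    $field['value'] = trim($_GET['val']);
+    $field['value'] = trim(htmlentities($_GET['val']));
 
 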