Fixed a cross-site scripting vulnerability discovered by Ben Khlifa Fahmi (https://www.benkhlifa.com/)
pull/296/head
xtnr3v0lt 2015-12-29 23:42:22 -05:00
parent 94ed0841e4
commit f249cef058
1 changed files with 3 additions and 3 deletions


@ -52,12 +52,12 @@
</div><!-- / frame-main end--> </div><!-- / frame-main end-->
<?php include(TEMPLATE.'common/footer.html');?> <?php include(TEMPLATE.'common/footer.html');?>
<script src="<?php echo STATIC_PATH;?>js/lib/seajs/sea.js?ver=<?php echo KOD_VERSION;?>"></script> <script src="<?php echo STATIC_PATH;?>js/lib/seajs/sea.js?ver=<?php echo KOD_VERSION;?>"></script>
<script src="./index.php?share/common_js&user=<?php echo $_GET['user'];?>&sid=<?php echo $_GET['sid'];?>&#=<?php echo rand_string(8);?>"></script> <script src="./index.php?share/common_js&user=<?php echo htmlentities($_GET['user']);?>&sid=<?php echo htmlentities($_GET['sid']);?>&#=<?php echo rand_string(8);?>"></script>
<script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ace.js?ver=<?php echo KOD_VERSION;?>"></script> <script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ace.js?ver=<?php echo KOD_VERSION;?>"></script>
<script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ext-static_highlight.js?ver=<?php echo KOD_VERSION;?>"></script> <script src="<?php echo STATIC_PATH;?>js/lib/ace/src-min-noconflict/ext-static_highlight.js?ver=<?php echo KOD_VERSION;?>"></script>
<script type="text/javascript"> <script type="text/javascript">
AUTH = {'explorer:fileDownload':<?php echo $can_download;?>}; AUTH = {'explorer:fileDownload':<?php echo $can_download;?>};
G.user = "<?php echo $_GET['user'];?>"; G.user = "<?php echo htmlentities($_GET['user']);?>";
G.path = "<?php echo (isset($_GET['path'])?urlencode($_GET['path']):'') ;?>"; G.path = "<?php echo (isset($_GET['path'])?urlencode($_GET['path']):'') ;?>";
G.sid = "<?php echo $_GET['sid'];?>"; G.sid = "<?php echo $_GET['sid'];?>";
G.share_info = <?php echo json_encode($share_info);?>; G.share_info = <?php echo json_encode($share_info);?>;
@ -72,4 +72,4 @@
seajs.use("app/src/share_index/main"); seajs.use("app/src/share_index/main");
</script> </script>
</body> </body>
</html> </html>
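Review bot: `G.sid = "<?php echo $_GET['sid'];?>";` on the new side of the first hunk still echoes the raw query parameter into a JavaScript string, so the injection the commit closes for `user` two lines above remains reachable through `sid`, and the same `sid` value is escaped only in the `src` attribute further up. Inside the `<script>` block (which continues past the end of the first hunk) `htmlentities()` is also the wrong encoder: it leaves backslashes and line terminators untouched, and since entities are not decoded in script text a legitimate `&` or quote in the value reaches the script as entity text rather than the original character. The file already emits `G.share_info` with `json_encode()`, so the two string assignments can follow that pattern, `G.user = <?php echo json_encode($_GET['user']);?>;` and `G.sid = <?php echo json_encode($_GET['sid']);?>;`; `json_encode()` escapes `/` by default, so a `</script>` sequence in the value cannot close the block, and `JSON_HEX_TAG` makes that guarantee explicit. The `src` attribute on the `common_js` script tag is an HTML attribute context where the added `htmlentities()` is appropriate, though `rawurlencode()` is the more natural choice for query-string components and would cover both the URL and the attribute.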