BUG 11072 XSS vulnerability SOLVED

- In the warning message, the data sent is not correctly sanitized
- Sanitize the data before sending the message
Julio Cesar Laura
2013-03-28 13:29:50 -04:00
parent 803402e12b
commit 80ab898c7e


@@ -115,7 +115,7 @@ if ($userData['USR_EMAIL'] != '' && $userData['USR_EMAIL'] === $data['USR_EMAIL'
G::SendTemporalMessage ($e->getMessage(), "warning", 'string'); G::SendTemporalMessage ($e->getMessage(), "warning", 'string');
} }
} else { } else {
$msg = G::LoadTranslation('ID_USER') . ' ' . $data['USR_USERNAME'] . ' '. G::LoadTranslation('ID_IS_NOT_REGISTERED'); $msg = G::LoadTranslation('ID_USER') . ' ' . htmlentities($data['USR_USERNAME'], ENT_QUOTES, 'UTF-8') . ' '. G::LoadTranslation('ID_IS_NOT_REGISTERED');
G::SendTemporalMessage ($msg, "warning", 'string'); G::SendTemporalMessage ($msg, "warning", 'string');
G::header('location: forgotPassword'); G::header('location: forgotPassword');
} }
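Review bot: The first call in this hunk still passes `$e->getMessage()` to `G::SendTemporalMessage` unencoded, while the fix encodes only `$data['USR_USERNAME']` in the else branch. If the exception text can carry request data (not visible from here), that path into the same warning sink needs the same treatment, e.g. `G::SendTemporalMessage(htmlentities($e->getMessage(), ENT_QUOTES, 'UTF-8'), "warning", 'string');`. Encoding once where the temporal message is rendered would cover every caller, but call sites that already encode, like this one, would then have to drop their own `htmlentities` to avoid double encoding. The enclosing if/else starts outside the hunk, so other branches that build this message could not be checked.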