
Sanitize 'page' GET parameter in login.php

master
Anonymous Contributor 2023-08-23 18:16:34 +02:00
parent 588beb3c05
commit 6a6e7db2ce
1 changed files with 3 additions and 3 deletions


@ -43,7 +43,7 @@
$_SESSION['DISPLAYNAME'] = strtoupper(trim($_POST['username'])); $_SESSION['DISPLAYNAME'] = strtoupper(trim($_POST['username']));
$_SESSION['LOGIN'] = 'true'; $_SESSION['LOGIN'] = 'true';
header("Location: index.php?page=".$_REQUEST['page']); header("Location: index.php?page=".urlencode($_REQUEST['page']));
die(); die();
} }
} }
@ -56,8 +56,8 @@
} }
} }
if(file_exists("./pages/".@$_REQUEST['page'].".php")) if(isset($_REQUEST['page']) && preg_match('[0-9a-zA-Z]{1-100}') && file_exists("./pages/".$_REQUEST['page'].".php"))
$HTML->ReplaceLayoutInhalt("%%PAGENAME%%", @$_REQUEST['page']); $HTML->ReplaceLayoutInhalt("%%PAGENAME%%", urlencode($_REQUEST['page']));
$HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", ""); $HTML->ReplaceLayoutInhalt("%%LOGINMESSAGE%%", "");
$HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", ""); $HTML->ReplaceLayoutInhalt("%%LASTUSERNAME%%", "");
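Review bot: The new guard `preg_match('[0-9a-zA-Z]{1-100}')` on the `if(isset($_REQUEST['page']) && ...)` line does not validate anything: preg_match is called without a subject, `[` and `]` are taken as the pattern delimiters, and `{1-100}` is not a PCRE quantifier, so on PHP 8 the call throws ArgumentCountError and on PHP 7 it warns and returns false, which makes the condition never true and the page lookup dead. The intent is a whitelist that keeps `../`-style values out of the `./pages/` include path, so the pattern needs anchors, a comma and the subject: `if (isset($_REQUEST['page']) && preg_match('/^[0-9a-zA-Z]{1,100}$/', $_REQUEST['page']) && file_exists("./pages/".$_REQUEST['page'].".php"))`. The `%%PAGENAME%%` replacement on the following line uses urlencode, which is URL escaping rather than HTML escaping; once the whitelist holds the value is plain alphanumeric, but if the placeholder is rendered into markup the matching escape is `htmlspecialchars($_REQUEST['page'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The hunk header announces eight lines and the excerpt shows six, so the enclosing block appears to continue past what is shown here.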