
CVE-2015-10052: fixed security vulnerability in redirect (missing validation) · calesanz/gibb-modul-151@88a517d

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in calesanz gibb-modul-151. This affects the function bearbeiten/login. The manipulation leads to open redirect. It is possible to initiate the attack remotely. The name of the patch is 88a517dc19443081210c804b655e72770727540d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218379. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
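The open redirect described above arises when a caller-supplied back URL is placed in a `Location` header without validation. The following is an added example of a same-site redirect check in PHP; it is not code from this commit or from the project's `Redirector.php`, and the function name `safe_redirect_target`, the default target and the sample inputs are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the project's Redirector): returns $target only
// when it is a path on the current site, otherwise returns $default.
function safe_redirect_target(string $target, string $default = '/'): string
{
    // Empty input or control characters (CR, LF, tab, NUL) are rejected:
    // they allow header splitting or are silently stripped by browsers.
    if ($target === '' || preg_match('/[\x00-\x1F\x7F]/', $target) === 1) {
        return $default;
    }
    // Accept only an absolute path with exactly one leading slash.
    // "//host" is scheme-relative, and browsers treat "\" like "/".
    if ($target[0] !== '/'
        || strncmp($target, '//', 2) === 0
        || strpos($target, '\\') !== false) {
        return $default;
    }
    // Defence in depth: the parsed form must carry no scheme or host.
    $parts = parse_url($target);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $target;
}

// Constructed sample inputs: two same-site paths, then values that must
// all fall back to the default.
$samples = [
    '/gaestebuch/anzeigen',
    '/gaestebuch?page=2',
    'https://example.org/',
    '//example.org/',
    '/\\example.org',
    "/ok\r\nX-Injected: 1",
    '',
];
foreach ($samples as $s) {
    printf("%-28s => %s\n", json_encode($s), safe_redirect_target($s));
}
```

Only the first two samples are returned unchanged; every other input yields the default `/`.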


fixed security vulnerability in redirect (missing validation)


1 parent 36298e9 commit 88a517dc19443081210c804b655e72770727540d

Showing 15 changed files with 29 additions and 3,650 deletions.

    • DAGuestBookEntry.php
    • gaestebuchController.php
    • userController.php
    • foundation.css
    • foundation.min.js
      • fastclick.js
      • jquery.cookie.js
      • jquery.js
      • modernizr.js
      • placeholder.js
    • Dispatcher.php
    • Redirector.php
  • modernizr.js
    • gaestebuch.anzeigen.php
    • gaestebuch.php

@@ -17,7 +17,7 @@ function find($id) {

return $entry;

}

function findAll() {

$sql = 'SELECT * FROM GuestBookEntry’;

$sql = 'SELECT * FROM GuestBookEntry ORDER BY CreatedAt DESC’;

$stmt = self::getConnection ()->prepare ( $sql );

$stmt->execute ();
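Review bot: The `ORDER BY CreatedAt DESC` added to the query in `findAll()` is a behaviour change unrelated to the redirect fix named in the commit message; consider moving it to its own commit so the security fix can be reviewed and applied in isolation. The statement is still a fixed string with no interpolated input, so the prepare/execute path is unaffected.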

@@ -43,8 +43,7 @@ public function bearbeiten($param, $data, $session) {

$errors .= \BO\BOGuestBook::save ( $guestbook );

if ($errirs == “”) {

// Redirect back

header ( “Location: $backurl” );

header ( “HTTP/1.1 302 Found” );

\Redirector::redirect($backurl);

return;

}

}
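Review bot: The condition `if ($errirs == "")` in `bearbeiten` tests `$errirs`, while the line above assigns the save result to `$errors`; an undefined variable compares loosely equal to the empty string in PHP, so this branch, and with it the new `\Redirector::redirect($backurl)` call, runs even when `save` reported errors. Change the condition to test `$errors`, and keep the `return;` after the redirect so nothing further executes once the response has been redirected.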

@@ -42,9 +42,7 @@ public function login($param, $data, $session) {

$_SESSION [‘userId’] = $user->Id;

$_SESSION [‘FullName’] = $user->FullName;

// Logged In

header ( “Location: $backurl” );

header ( “HTTP/1.1 302 Found” );

\Redirector::redirect($backurl);

return;

} else

$errorMessage = "Incorrect credentials!";
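Review bot: At the `\Redirector::redirect($backurl)` call in `login`, the validation this commit is named for cannot be verified from the visible lines: it lives in `Redirector.php`, which is in the changed-file list but whose hunk is not shown here, and the place where `$backurl` is read is not shown either. Before approving, confirm that `redirect` accepts only same-site targets and falls back to a fixed page otherwise, and document that contract in a comment on the method so callers do not return to calling `header` directly. The brace-less `else` on the following line is also worth bracing while this block is being touched.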
