| author | Paul Arthur <paul.arthur@flowerysong.com> | 2013-02-07 15:20:44 -0500 |
|---|---|---|
| committer | Paul Arthur <paul.arthur@flowerysong.com> | 2013-02-07 15:20:44 -0500 |
| commit | 266f7cea9bd51df298cc45fbb8abb39a1375acd2 (patch) | |
| tree | f35aef5619aa5fe9d099dd46af91a81722b9f96e | |
| parent | 79b6eb98e7506c9074d737c452e90732c6cd4afd (diff) | |
Fix persistent XSS vulnerabilities in AJAX editing
Based on merge request #22 from Jean-Lou Hau, but does the escaping for
everything and in a different place.
| mode | file | lines changed |
|---|---|---|
| -rwxr-xr-x | docs/CHANGELOG | 2 |
| -rw-r--r-- | server/ajax.server.php | 4 |

2 files changed, 6 insertions, 0 deletions
diff --git a/docs/CHANGELOG b/docs/CHANGELOG index c0cec19a..82ffa1a6 100755 --- a/docs/CHANGELOG +++ b/docs/CHANGELOG @@ -4,6 +4,8 @@ -------------------------------------------------------------------------- v.3.6-FUTURE + - Fixed persistent XSS vulnerabilities in AJAX object editing (reported by + Jean-Lou Hau) - Fixed character set detection for ID3v1 tags - Added matroska to the list of known tag types - Made the getID3 metadata source work better with tag types that Ampache diff --git a/server/ajax.server.php b/server/ajax.server.php index 52175876..80609567 100644 --- a/server/ajax.server.php +++ b/server/ajax.server.php @@ -158,6 +158,10 @@ switch ($_REQUEST['action']) { ob_end_clean(); break; case 'edit_object': + // Scrub the data + foreach ($_POST as $key => $data) { + $_POST[$key] = scrub_in($data); + } $level = '50'; |
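Review bot: docs/CHANGELOG carries mode 100755 (the index line reads `index c0cec19a..82ffa1a6 100755`), so a plain text file is executable; that predates this commit, but since the file is being touched anyway a `chmod 644 docs/CHANGELOG` in a follow-up would drop the stray execute bit. The entry itself is fine, though it only says "object editing"; naming the `edit_object` action would make it easier to map the changelog to the code when triaging later reports.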
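Review bot: the `foreach ($_POST as $key => $data)` loop in the `edit_object` case encodes at the input boundary instead of where the values are written into HTML, and it only covers that one `switch` arm, so any other action in ajax.server.php that echoes request data back is unaffected by this fix. Two things to confirm before merging: (1) `scrub_in()` is not shown in this diff; if it does not recurse, an array-valued POST field is passed through it whole and its elements stay raw, so either assert that `scrub_in()` handles arrays or skip/flatten them explicitly here; (2) because the scrubbed values are what the rest of the handler stores, the saved name will contain HTML entities, which any non-HTML consumer of the same record (an XML or JSON API response, an exported playlist) will also receive. If that is not intended, the more robust placement is to keep stored data raw and apply `htmlspecialchars(..., ENT_QUOTES)` at each render site in the AJAX response, which also removes the dependence on the loop catching every field.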
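The pattern behind the fix, as an added illustration that is not Ampache code and not the project's `scrub_in()` (whose body is not on this page): an AJAX edit handler that stores a submitted field and echoes it back as an HTML fragment, shown first with the raw interpolation that produces persistent XSS, then with the two places the encoding can live. The object store, the handler names, `encodeForHtml()` and `scrubValue()` are stand-ins assumed for the demonstration.

```php
<?php
// Added illustration, not Ampache code. Models the "edit an object via AJAX,
// echo the new value back" flow described in the commit message. The store,
// handlers, encodeForHtml() and scrubValue() are stand-ins; the real
// scrub_in() is not shown on this page and this is not a copy of it.

declare(strict_types=1);

// Constructed in-memory stand-in for the object being edited.
$objects = [42 => ['id' => 42, 'name' => 'Original Name']];

// Encode a value for an HTML text or attribute context. ENT_QUOTES also
// escapes single quotes, which matters once the value lands in an attribute.
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Recursive input scrubber: encodes scalars and descends into arrays so that
// nested POST fields (name[]) do not slip through untouched.
function scrubValue($data)
{
    return is_array($data) ? array_map('scrubValue', $data) : encodeForHtml((string) $data);
}

// Minimal stand-in for the HTML fragment an AJAX edit handler sends back.
function renderName(int $id, string $name): string
{
    return '<span id="name_' . $id . '">' . $name . '</span>';
}

// BEFORE: the raw POST value is stored and interpolated into the response.
// Whatever the client sent is persisted and replayed to every later viewer.
function editObjectUnsafe(array &$store, array $post): string
{
    $id = (int) $post['id'];
    $store[$id]['name'] = (string) $post['name'];
    return renderName($id, $store[$id]['name']);
}

// AFTER, variant 1 (input side, the placement the commit uses): every POST
// field is encoded before anything else reads it. Catches every field in one
// place, but the stored value now carries HTML entities, which a non-HTML
// consumer of the same record (XML/JSON API) will also receive.
function editObjectScrubInput(array &$store, array $post): string
{
    foreach ($post as $key => $data) {
        $post[$key] = scrubValue($data);
    }
    $id = (int) $post['id'];
    $store[$id]['name'] = $post['name'];
    return renderName($id, $store[$id]['name']);
}

// AFTER, variant 2 (output side): store the raw value, encode where it is
// written into HTML. Stored data stays clean for other consumers; the cost is
// that every render site must remember to encode.
function editObjectEncodeOutput(array &$store, array $post): string
{
    $id = (int) $post['id'];
    $store[$id]['name'] = (string) $post['name'];
    return renderName($id, encodeForHtml($store[$id]['name']));
}

// Constructed malicious edit request, standing in for $_POST.
$payload = ['id' => '42', 'name' => '<img src=x onerror="alert(1)">'];

$s = $objects;
echo 'unsafe : ' . editObjectUnsafe($s, $payload) . PHP_EOL;
$s = $objects;
echo 'input  : ' . editObjectScrubInput($s, $payload) . PHP_EOL;
$s = $objects;
echo 'output : ' . editObjectEncodeOutput($s, $payload) . PHP_EOL;
```

Run with `php example.php`: the first line echoes the `<img ...>` payload verbatim inside the span, the other two return it with `<`, `>` and `"` replaced by entities, so the browser renders text rather than an element with an `onerror` handler. The difference between the two safe variants is only where the entities end up: in the stored record (variant 1) or in the response alone (variant 2).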