From 9cb4fec5fe177f1d3716708b46d1958eac477ebe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Jacquet?= <francoisjacquet@users.noreply.github.com>
Date: Mon, 8 Jun 2020 19:45:27 +0200
Subject: [PATCH] Fix #282 XSS URL encode key

---
 CHANGES.md | 4 ++++
 functions/PreparePHP_SELF.fnc.php | 14 +++++++-------
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 64186f091..7e12db926 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,10 @@
 # CHANGES
 ## RosarioSIS Student Information System
+Changes in 6.5.2
+----------------
+- Fix #282 XSS URL encode key in PreparePHP_SELF.php
+
 Changes in 6.5.1
 ----------------
 - Move header action hook above form in StudentPayments.php
diff --git a/functions/PreparePHP_SELF.fnc.php b/functions/PreparePHP_SELF.fnc.php
index de1706d9c..ec97d7b7a 100644
--- a/functions/PreparePHP_SELF.fnc.php
+++ b/functions/PreparePHP_SELF.fnc.php
@@ -76,29 +76,29 @@ function PreparePHP_SELF( $tmp_REQUEST = array(), $remove = array(), $add = arra
 {
 if ( $value3 !== '' )
 {
- $PHP_tmp_SELF .= '&' . $key . '[' . $key1 . '][' . $key2 . '][' . $key3 . ']=' . _myURLEncode( $value3 );
+ $PHP_tmp_SELF .= '&' . _myURLEncode( $key ) .
+ '[' . _myURLEncode( $key1 ) . '][' . _myURLEncode( $key2 ) .
+ '][' . _myURLEncode( $key3 ) . ']=' . _myURLEncode( $value3 );
 }
 }
 }
 elseif ( $value2 !== '' )
 {
- $PHP_tmp_SELF .= '&' . $key . '[' . $key1 . '][' . $key2 . ']=' . _myURLEncode( $value2 );
+ $PHP_tmp_SELF .= '&' . _myURLEncode( $key ) . '[' . _myURLEncode( $key1 ) .
+ '][' . _myURLEncode( $key2 ) . ']=' . _myURLEncode( $value2 );
 }
 }
 }
 elseif ( $value1 !== '' )
 {
- $PHP_tmp_SELF .= '&' . $key . '[' . $key1 . ']=' .
+ $PHP_tmp_SELF .= '&' . _myURLEncode( $key ) . '[' . _myURLEncode( $key1 ) . ']=' .
 _myURLEncode( $value1 );
 }
 }
 }
 elseif ( $value !== '' )
 {
- $PHP_tmp_SELF .= '&' . $key . "=" . _myURLEncode( $value );
+ $PHP_tmp_SELF .= '&' . _myURLEncode( $key ) . "=" . _myURLEncode( $value );
 }
 }
-- 
GitLab
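Review bot: The fix is only as strong as `_myURLEncode`, which every added line in this hunk now relies on for the attacker-controlled keys of `$tmp_REQUEST`, but that helper is defined outside the hunk and is not shown; if it is a hand-rolled replacement of a few characters rather than a full `rawurlencode()`, key names carrying `<`, `>`, `'` or `"` still reach `$PHP_tmp_SELF` verbatim and the reported XSS is only partly closed. The helper should be confirmed (or changed) to delegate, e.g. `return rawurlencode( $string );`, so that keys, nested keys and values all go through one complete percent-encoder. Separately, URL-encoding is not an HTML-context escape: wherever the returned string is presumably written into `href`/`action` attributes it should additionally pass through `htmlspecialchars( $PHP_tmp_SELF, ENT_QUOTES, 'UTF-8' )`, since the two encodings protect different layers. A regression test feeding a key such as `"><svg/onload=alert(1)>` and asserting that no raw `<` or `"` survives in the output would pin the fix. The enclosing `PreparePHP_SELF` function starts before and ends after this hunk, so the later use of `$PHP_tmp_SELF` is not visible here.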