lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-03 14:10:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix xss

Browse Source
This commit is contained in:
xiaomlove
2023-05-15 03:45:51 +08:00
parent b9eb7080ce
commit ace061c034
2 changed files with 26 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
include/functions.php
View File

@@ -69,7 +69,10 @@ function stdmsg($heading, $text, $htmlstrip = false)
if ($htmlstrip) {
$heading = htmlspecialchars(trim($heading));
$text = htmlspecialchars(trim($text));
}
} else {
$heading = strip_tags($heading, '<a>');
$text = strip_tags($text, '<a>');
}
print("<table align=\"center\" class=\"main\" width=\"500\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td class=\"embedded\">\n");
if ($heading)
print("<h2>".$heading."</h2>\n");
@@ -3002,22 +3005,22 @@ function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff, $secu
if ($expires != 0x7fffffff)
$expires = time()+$expires;
setcookie("c_secure_uid", base64($id), $expires, "/");
setcookie("c_secure_pass", $passhash, $expires, "/");
setcookie("c_secure_uid", base64($id), $expires, "/", "", false, true);
setcookie("c_secure_pass", $passhash, $expires, "/", "", false, true);
if($ssl)
setcookie("c_secure_ssl", base64("yeah"), $expires, "/");
setcookie("c_secure_ssl", base64("yeah"), $expires, "/", "", false, true);
else
setcookie("c_secure_ssl", base64("nope"), $expires, "/");
setcookie("c_secure_ssl", base64("nope"), $expires, "/", "", false, true);
if($trackerssl)
setcookie("c_secure_tracker_ssl", base64("yeah"), $expires, "/");
setcookie("c_secure_tracker_ssl", base64("yeah"), $expires, "/", "", false, true);
else
setcookie("c_secure_tracker_ssl", base64("nope"), $expires, "/");
setcookie("c_secure_tracker_ssl", base64("nope"), $expires, "/", "", false, true);
if ($securelogin)
setcookie("c_secure_login", base64("yeah"), $expires, "/");
setcookie("c_secure_login", base64("yeah"), $expires, "/", "", false, true);
else
setcookie("c_secure_login", base64("nope"), $expires, "/");
setcookie("c_secure_login", base64("nope"), $expires, "/", "", false, true);
if ($updatedb)
@@ -3029,7 +3032,7 @@ function set_langfolder_cookie($folder, $expires = 0x7fffffff)
if ($expires != 0x7fffffff)
$expires = time()+$expires;
setcookie("c_lang_folder", $folder, $expires, "/");
setcookie("c_lang_folder", $folder, $expires, "/", "", false, true);
}
function get_protocol_prefix()
@@ -3073,12 +3076,12 @@ function make_folder($pre, $folder_name)
}
function logoutcookie() {
setcookie("c_secure_uid", "", 0x7fffffff, "/");
setcookie("c_secure_pass", "", 0x7fffffff, "/");
// setcookie("c_secure_ssl", "", 0x7fffffff, "/");
setcookie("c_secure_tracker_ssl", "", 0x7fffffff, "/");
setcookie("c_secure_login", "", 0x7fffffff, "/");
// setcookie("c_lang_folder", "", 0x7fffffff, "/");
setcookie("c_secure_uid", "", 0x7fffffff, "/", "", false, true);
setcookie("c_secure_pass", "", 0x7fffffff, "/", "", false, true);
// setcookie("c_secure_ssl", "", 0x7fffffff, "/", "", false, true);
setcookie("c_secure_tracker_ssl", "", 0x7fffffff, "/", "", false, true);
setcookie("c_secure_login", "", 0x7fffffff, "/", "", false, true);
// setcookie("c_lang_folder", "", 0x7fffffff, "/", "", false, true);
}
function base64 ($string, $encode=true) {

14
public/friends.php
View File

@@ -73,9 +73,10 @@ if ($action == 'delete')
if (!is_valid_id($targetid))
stderr($lang_friends['std_error'], $lang_friends['std_invalid_id']."$userid.");
if (!$sure)
stderr($lang_friends['std_delete'].$type, $lang_friends['std_delete_note'].$typename.$lang_friends['std_click'].
"<a href=?id=$userid&action=delete&type=$type&targetid=$targetid&sure=1>".$lang_friends['std_here_if_sure'],false);
if (!$sure) {
stderr($lang_friends['std_delete'].$type, $lang_friends['std_delete_note'].$typename.$lang_friends['std_click'].
"<a href=?id=$userid&action=delete&type=$type&targetid=$targetid&sure=1>".$lang_friends['std_here_if_sure'],false);
}
if ($type == 'friend')
{
@@ -90,10 +91,9 @@ if ($action == 'delete')
if (mysql_affected_rows() == 0)
stderr($lang_friends['std_error'], $lang_friends['std_no_block_found']."$targetid");
$frag = "blocks";
}
else
stderr($lang_friends['std_error'], $lang_friends['std_unknown_type']."$type");
} else {
stderr($lang_friends['std_error'], $lang_friends['std_unknown_type']."$type");
}
purge_neighbors_cache();