lkddi/nexusphp
1
0
Fork 0
mirror of https://github.com/lkddi/nexusphp.git synced 2026-04-15 21:41:03 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix xss

Browse Source
This commit is contained in:
xiaomlove
2023-05-15 03:45:51 +08:00
parent b9eb7080ce
commit ace061c034
2 changed files with 26 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
include/functions.php
View File

@@ -69,7 +69,10 @@ function stdmsg($heading, $text, $htmlstrip = false)
if ($htmlstrip) {
$heading = htmlspecialchars(trim($heading));
$text = htmlspecialchars(trim($text));
}
} else {
$heading = strip_tags($heading, '<a>');
$text = strip_tags($text, '<a>');
}
print("<table align=\"center\" class=\"main\" width=\"500\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\"><tr><td class=\"embedded\">\n");
if ($heading)
print("<h2>".$heading."</h2>\n");
@@ -3002,22 +3005,22 @@ function logincookie($id, $passhash, $updatedb = 1, $expires = 0x7fffffff, $secu
if ($expires != 0x7fffffff)
$expires = time()+$expires;
setcookie("c_secure_uid", base64($id), $expires, "/");
setcookie("c_secure_pass", $passhash, $expires, "/");
setcookie("c_secure_uid", base64($id), $expires, "/", "", false, true);
setcookie("c_secure_pass", $passhash, $expires, "/", "", false, true);
if($ssl)
setcookie("c_secure_ssl", base64("yeah"), $expires, "/");
setcookie("c_secure_ssl", base64("yeah"), $expires, "/", "", false, true);
else
setcookie("c_secure_ssl", base64("nope"), $expires, "/");
setcookie("c_secure_ssl", base64("nope"), $expires, "/", "", false, true);
if($trackerssl)
setcookie("c_secure_tracker_ssl", base64("yeah"), $expires, "/");
setcookie("c_secure_tracker_ssl", base64("yeah"), $expires, "/", "", false, true);
else
setcookie("c_secure_tracker_ssl", base64("nope"), $expires, "/");
setcookie("c_secure_tracker_ssl", base64("nope"), $expires, "/", "", false, true);
if ($securelogin)
setcookie("c_secure_login", base64("yeah"), $expires, "/");
setcookie("c_secure_login", base64("yeah"), $expires, "/", "", false, true);
else
setcookie("c_secure_login", base64("nope"), $expires, "/");
setcookie("c_secure_login", base64("nope"), $expires, "/", "", false, true);
if ($updatedb)
@@ -3029,7 +3032,7 @@ function set_langfolder_cookie($folder, $expires = 0x7fffffff)
if ($expires != 0x7fffffff)
$expires = time()+$expires;
setcookie("c_lang_folder", $folder, $expires, "/");
setcookie("c_lang_folder", $folder, $expires, "/", "", false, true);
}
function get_protocol_prefix()
@@ -3073,12 +3076,12 @@ function make_folder($pre, $folder_name)
}
function logoutcookie() {
setcookie("c_secure_uid", "", 0x7fffffff, "/");
setcookie("c_secure_pass", "", 0x7fffffff, "/");
// setcookie("c_secure_ssl", "", 0x7fffffff, "/");
setcookie("c_secure_tracker_ssl", "", 0x7fffffff, "/");
setcookie("c_secure_login", "", 0x7fffffff, "/");
// setcookie("c_lang_folder", "", 0x7fffffff, "/");
setcookie("c_secure_uid", "", 0x7fffffff, "/", "", false, true);
setcookie("c_secure_pass", "", 0x7fffffff, "/", "", false, true);
// setcookie("c_secure_ssl", "", 0x7fffffff, "/", "", false, true);
setcookie("c_secure_tracker_ssl", "", 0x7fffffff, "/", "", false, true);
setcookie("c_secure_login", "", 0x7fffffff, "/", "", false, true);
// setcookie("c_lang_folder", "", 0x7fffffff, "/", "", false, true);
}
function base64 ($string, $encode=true) {