diff options
| author | Andreas Gohr <andi@splitbrain.org> | 2006-10-08 12:05:23 +0200 |
|---|---|---|
| committer | Andreas Gohr <andi@splitbrain.org> | 2006-10-08 12:05:23 +0200 |
| commit | 02b0b681935185a1c4d2d64e76fe499f3d438d12 (patch) | |
| tree | 67be0215dcee66121bafd54a9a78fd3e17c5b83c /lib/exe/fetch.php | |
| parent | 10ffc9dd6a89562ef502baa21f968cf269fe21b0 (diff) | |
| download | rpg-02b0b681935185a1c4d2d64e76fe499f3d438d12.tar.gz rpg-02b0b681935185a1c4d2d64e76fe499f3d438d12.tar.bz2 | |
strip controlchars in fetch.php #935
Fixes a header injection/XSS vulnerability
darcs-hash:20061008100523-7ad00-be06a942badb6a2a9ed862be003ee0050504b4b0.gz
Diffstat (limited to 'lib/exe/fetch.php')
| -rw-r--r-- | lib/exe/fetch.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/exe/fetch.php b/lib/exe/fetch.php index 343145c54..f33f7b0cc 100644 --- a/lib/exe/fetch.php +++ b/lib/exe/fetch.php @@ -20,7 +20,7 @@ $mimetypes = getMimeTypes(); //get input - $MEDIA = getID('media',false); // no cleaning - maybe external + $MEDIA = stripctl(getID('media',false)); // no cleaning except control chars - maybe external $CACHE = calc_cache($_REQUEST['cache']); $WIDTH = (int) $_REQUEST['w']; $HEIGHT = (int) $_REQUEST['h']; |