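<?php
/****************************************************************************
 * ./lang/de/ocstyle/varset.inc.php
 * -------------------
 * begin : Mon June 14 2004
 *
 * For license information see LICENSE.md
 ****************************************************************************/

/****************************************************************************
 *
 *
 * template specific variables setup
 ****************************************************************************/

// Set all main template replacements to default values.
// $lang, $style, $opt, tpl_set_var() and t() are provided by the including
// script; this file only populates template variables and string globals.

tpl_set_var('htmlheaders', '');
tpl_set_var('lang', $lang);
tpl_set_var('style', $style);
tpl_set_var('loginbox', ' ');
tpl_set_var(
    'functionsbox',
    '<a href="index.php?page=suche">' . t('Search') . '</a> | <a href="index.php?page=sitemap">' . t('Sitemap') . '</a>'
);
tpl_set_var('runtime', '');

// Set up main template specific strings.
// The login form posts to the absolute HTTPS URL when forced login is configured;
// the {target} placeholder is filled in below with an attribute-escaped value.
$sLoggedOut =
    '<form action="' . ($opt['page']['https']['force_login'] ? $opt['page']['absolute_https_url'] : '') . 'login.php" method="post" enctype="application/x-www-form-urlencoded" name="login" dir="ltr" style="display: inline;"><b>'
    . t('User:')
    . '</b> <input name="email" size="10" type="text" class="textboxes" value="" /> <b>'
    . t('Password:')
    . '</b> <input name="password" size="10" type="password" class="textboxes" value="" /> <input type="hidden" name="action" value="login" /><input type="hidden" name="target" value="{target}" /><input type="hidden" name="source" value="titlebar" /> <input type="submit" name="LogMeIn" value="'
    . t('Login')
    . '" class="formbutton" style="width: 74px;" onclick="submitbutton(\'LogMeIn\')" /></form>';
// {username} is substituted by the template engine later. The previous version
// closed a <b> that was never opened after the logout link; that stray tag is gone.
$sLoggedIn =
    "<b>"
    . t('Logged in as')
    . ' <a href="myhome.php" class="testing-top-left-corner-username">{username}</a></b> - <a href="login.php?action=logout">'
    . t('Logout')
    . '</a>';

// Build the login-box return target: the current script name plus a
// whitelisted subset of the request parameters. The result ends up inside an
// HTML attribute (value="{target}"), so every request-derived piece is encoded
// for that context; previously raw $_REQUEST values were concatenated in
// unescaped, which is a reflected-XSS sink.
$allowed = ['cacheid', 'userid', 'logid', 'desclang', 'descid'];

// SCRIPT_NAME is set by the server; PHP_SELF may additionally carry
// client-supplied PATH_INFO, which basename() would then return verbatim.
$target = basename(isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF']);

// Collect the allowed parameters. each() was removed in PHP 8; foreach replaces it.
$targetParams = [];
foreach ($_REQUEST as $varname => $varvalue) {
    // Strict comparison: an integer key such as "?0=x" must not loosely match
    // a whitelisted name. Array values (e.g. "?cacheid[]=1") are skipped
    // instead of being stringified to "Array".
    if (is_scalar($varvalue) && in_array($varname, $allowed, true)) {
        $targetParams[$varname] = (string) $varvalue;
    }
}
if ($targetParams !== []) {
    // http_build_query() percent-encodes names and values, so no trailing
    // '?' or '&' needs trimming and the target stays a relative URL.
    $target .= '?' . http_build_query($targetParams, '', '&');
}

// Literal replacement: mb_ereg_replace() interpreted '{target}' as a pattern
// and the request-derived value as a replacement string.
$sLoggedOut = str_replace(
    '{target}',
    htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
    $sLoggedOut
);

$functionsbox_start_tag = '';
$functionsbox_middle_tag = ' | ';
$functionsbox_end_tag = '';

$tpl_subtitle = '';

// other vars
$login_required = t('Please login to continue:');

$dberrormsg = t('A database command could not be performed.');

$error_prefix = '<span class="errormsg">';
$error_suffix = '</span>';

// Hint block shown next to HTML input fields; the image path is style-specific.
$htmlnotice =
    '<tr><td class="spacer" colspan="2"></td></tr>
<tr>
<td class="help" colspan="2">
<img src="lang/de/ocstyle/images/misc/hint.gif" border="0" width="15" height="11" alt="' . t('Notice') . '" title="' . t('Notice') . '" />
' . t('Your HTML code will be changed again by a special filter. This is necessary to avoid dangerous HTML-tags,
such as <script>. A list of allowed HTML tags, you can find
<a href="articles.php?page=htmltags">here</a>') . '
</td>
</tr>
';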
$target can contain request data and is used in code execution context(s), leading to a potential security vulnerability. 2 paths for user data to reach this point:
PHP_SELF from $_SERVER, and $_SERVER['PHP_SELF'] is escaped by basename() for file context(s), and $target is assigned in htdocs/lang/de/ocstyle/varset.inc.php on line 45.
PHP_SELF from $_SERVER, and $_SERVER['PHP_SELF'] is escaped by basename() for file context(s), and $target is assigned in htdocs/lang/de/ocstyle/varset.inc.php on line 45.
$_REQUEST, and $_REQUEST is passed through each(), and $varname is assigned in htdocs/lang/de/ocstyle/varset.inc.php on line 50.
$_REQUEST, and $_REQUEST is passed through each(), and $varname is assigned in htdocs/lang/de/ocstyle/varset.inc.php on line 50.
$target is assigned in htdocs/lang/de/ocstyle/varset.inc.php on line 52.
General Strategies to prevent injection
In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:
For numeric data, we recommend to explicitly cast the data: