Changeset 117851 in spip-zone


Timestamp:
Sep 16, 2019, 9:38:19 AM (16 months ago)
Author:
cedric@…
Message:

Mise a jour de l'ecran de securite, v1.3.12

File:
1 edited

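--- a/_core_/securite/ecran_securite.php
+++ b/_core_/securite/ecran_securite.php
@@ -6,5 +6,5 @@
  */
 
-define('_ECRAN_SECURITE', '1.3.11'); // 2019-04-08
+define('_ECRAN_SECURITE', '1.3.12'); // 2019-09-16
 
 /*
@@ -476,4 +476,11 @@
 
 /*
+ * Pas d'action pendant l'install
+ */
+if (isset($_REQUEST['exec']) and $_REQUEST['exec'] === 'install' and isset($_REQUEST['action'])) {
+        $ecran_securite_raison = 'install&action impossibles';
+}
+
+/*
  * Échappement xss referer
  */
@@ -487,4 +494,13 @@
 if (isset($_SERVER['HTTP_X_FORWARDED_HOST']))
         $_SERVER['HTTP_X_FORWARDED_HOST'] = strtr($_SERVER['HTTP_X_FORWARDED_HOST'], "<>?\"\{\}\$'` \r\n", '____________');
+
+
+/*
+ * Pas d'erreur dans l'erreur
+ */
+if (isset($_REQUEST['var_erreur']) and isset($_REQUEST['page']) and $_REQUEST['page'] === 'login') {
+        if (strlen($_REQUEST['var_erreur']) !== strcspn($_REQUEST['var_erreur'], '<>'))
+                $ecran_securite_raison = 'var_erreur incorrecte';
+}
 
 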
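Review bot: The `var_erreur` guard added at new lines 501-503 calls `strlen()` and `strcspn()` on `$_REQUEST['var_erreur']` without checking that it is a string, and PHP fills that key with an array when the parameter is sent in bracket form. Depending on the PHP version that either throws a TypeError or makes both calls return null, in which case the comparison is false and the value is not rejected. I would test the type first, e.g. `if (!is_string($_REQUEST['var_erreur']) or strlen($_REQUEST['var_erreur']) !== strcspn($_REQUEST['var_erreur'], '<>'))`. The filter also only covers `<` and `>` and only when `page` is `login`; whether quotes matter depends on where the login page prints the value, which is not visible in this diff, so a short comment naming that output context would help the next maintainer.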