Changeset 75105 in spip-zone for _core_/securite/ecran_securite.php


Ignore:
Timestamp:
Aug 29, 2013, 6:54:33 PM (7 years ago)
Author:
fil@…
Message:

supprimer ? et <, pas seulement <? (Michael Meyer)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • _core_/securite/ecran_securite.php

    r72990 r75105  
    66 */
    77
    8 define('_ECRAN_SECURITE', '1.1.7'); // 24 mai 2013
     8define('_ECRAN_SECURITE', '1.1.8'); // 2013-08-29
    99
    1010/*
     
    254254        AND
    255255        // cas qui permettent de sortir d'un commentaire PHP
    256         (strpos($_REQUEST['connect'], "?".">")!==false
     256        (strpos($_REQUEST['connect'], "?")!==false
     257         OR strpos($_REQUEST['connect'], ">")!==false
    257258         OR strpos($_REQUEST['connect'], "\n")!==false
    258259         OR strpos($_REQUEST['connect'], "\r")!==false)
    259260        ) {
    260         $_REQUEST['connect'] = str_replace(array("?".">", "\r", "\n"), "", $_REQUEST['connect']);
     261        $_REQUEST['connect'] = str_replace(array("?", ">", "\r", "\n"), "", $_REQUEST['connect']);
    261262        if (isset($_GET['connect'])) $_GET['connect'] = $_REQUEST['connect'];
    262263        if (isset($_POST['connect'])) $_POST['connect'] = $_REQUEST['connect'];
Note: See TracChangeset for help on using the changeset viewer.