From 2a43a3a4463c26013068f83974acb3b13387f5ca Mon Sep 17 00:00:00 2001
From: Julian Merkle
Date: Sun, 25 Mar 2018 17:29:15 +0200
Subject: [PATCH 1/3] Fix reflected XSS in list_rankup.php

---
 stats/list_rankup.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/stats/list_rankup.php b/stats/list_rankup.php
index 846c953..0fc3c48 100644
--- a/stats/list_rankup.php
+++ b/stats/list_rankup.php
@@ -144,6 +144,8 @@ if(!isset($_GET["user"])) {
     $user_pro_seite = preg_replace('/\D/', '', $_GET["user"]);
 }
 
+$getstring = htmlspecialchars($getstring);
+
 $start = ($seite * $user_pro_seite) - $user_pro_seite;
 
 if ($keysort == 'active' && $keyorder == 'asc') {

From 1603e9269e7fc5938d8844253016b5a89b4d4973 Mon Sep 17 00:00:00 2001
From: Julian Merkle
Date: Sun, 25 Mar 2018 18:34:21 +0200
Subject: [PATCH 2/3] Move encoding up

---
 stats/list_rankup.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/stats/list_rankup.php b/stats/list_rankup.php
index 0fc3c48..cf489e3 100644
--- a/stats/list_rankup.php
+++ b/stats/list_rankup.php
@@ -28,8 +28,9 @@ if(!isset($_SESSION[$rspathhex.'tsuid'])) {
     set_session_ts3($ts['voice'], $mysqlcon, $dbname, $language, $adminuuid);
 }
 
+$_GET["search"] = htmlspecialchars($_POST['usersuche']);
+
 if(isset($_POST['username'])) {
-    $_GET["search"] = strip_tags(htmlspecialchars($_POST['usersuche']));
     $_GET["seite"] = 1;
 }
 $filter='';
@@ -144,8 +145,6 @@ if(!isset($_GET["user"])) {
     $user_pro_seite = preg_replace('/\D/', '', $_GET["user"]);
 }
 
-$getstring = htmlspecialchars($getstring);
-
 $start = ($seite * $user_pro_seite) - $user_pro_seite;
 
 if ($keysort == 'active' && $keyorder == 'asc') {

From 681cb5dfc6d18bafeed2173f634594dae856b648 Mon Sep 17 00:00:00 2001
From: Julian Merkle
Date: Sun, 25 Mar 2018 18:43:41 +0200
Subject: [PATCH 3/3] Move encoding to the correct position

---
 stats/list_rankup.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/stats/list_rankup.php b/stats/list_rankup.php
index cf489e3..87c5078 100644
--- a/stats/list_rankup.php
+++ b/stats/list_rankup.php
@@ -28,15 +28,14 @@ if(!isset($_SESSION[$rspathhex.'tsuid'])) {
     set_session_ts3($ts['voice'], $mysqlcon, $dbname, $language, $adminuuid);
 }
 
-$_GET["search"] = htmlspecialchars($_POST['usersuche']);
-
 if(isset($_POST['username'])) {
     $_GET["seite"] = 1;
+    $_GET["search"] = $_POST['usersuche'];
 }
 $filter='';
 $searchstring='';
 if(isset($_GET["search"]) && $_GET["search"] != '') {
-    $getstring = $_GET['search'];
+    $getstring = htmlspecialchars($_GET['search']);
 }
 if(isset($getstring) && strstr($getstring, 'filter:excepted:')) {
     if(str_replace('filter:excepted:','',$getstring)!='') {
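Review bot: The new `$getstring = htmlspecialchars($_GET['search']);` line relies on the default flags, which on PHP releases before 8.1 do not encode the single quote, so the encoding is only complete if `$getstring` is never placed in a single-quoted HTML attribute; `$getstring = htmlspecialchars($_GET['search'], ENT_QUOTES, 'UTF-8');` closes that gap and pins the charset. Encoding at this point also means the `strstr`/`str_replace` filter parsing in this hunk, and presumably the database search further down the script (outside the hunk), now operate on `&amp;`/`&lt;`-style entities rather than the raw search text, so searches containing those characters may silently stop matching — the usual pattern is to keep the raw value for the query and encode only where it is echoed. The added `$_GET["search"] = $_POST['usersuche'];` reads `$_POST['usersuche']` without an isset check, so a POST carrying `username` but not `usersuche` raises an undefined-index notice; `isset($_POST['usersuche']) ? $_POST['usersuche'] : ''` covers it. Note that the `strip_tags` wrapper removed in patch 2 is not restored here; that is acceptable if every output site goes through this encoded value, but worth confirming since the rest of the script is not visible in the hunk.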