moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-03 16:13:28 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

XSS prevention in older PHP versions SC#190; merged from MOODLE_15_STABLE

Browse source
This commit is contained in:
skodak 2005-11-15 18:21:22 +00:00
parent 133c5c2792
commit 04eb5d5243
1 changed files with 20 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

35
admin/phpinfo.php
View file

@ -3,32 +3,37 @@
require_once("../config.php");
$topframe = optional_param('topframe', false, PARAM_BOOL);
$bottomframe = optional_param('bottomframe', false, PARAM_BOOL);
require_login();
if (!isadmin()) {
error("Only the admin can use this page");
}
if (isset($topframe)) {
if (!$topframe && !$bottomframe) {
?>
<head>
<title>PHP info</title>
</head>
<frameset rows="80,*">
<frame src="phpinfo.php?topframe=true&amp;sesskey=<?php echo $USER->sesskey ?>">
<frame src="phpinfo.php?bottomframe=true&amp;sesskey=<?php echo $USER->sesskey ?>">
</frameset>
<?php
} else if ($topframe && confirm_sesskey()) {
$stradministration = get_string("administration");
$site = get_site();
print_header("$site->shortname: phpinfo", "$site->fullname",
print_header("$site->shortname: phpinfo", "$site->fullname",
"<a target=\"$CFG->framename\" href=\"index.php\">$stradministration</a> -> PHP info");
exit;
}
if (isset($bottomframe)) {
} else if ($bottomframe && confirm_sesskey()) {
phpinfo();
exit;
}
?>
<head>
<title>PHP info</title>
</head>
<frameset rows="80,*">
<frame src="phpinfo.php?topframe=true">
<frame src="phpinfo.php?bottomframe=true">
</frameset>