XSS prevention in older PHP versions SC#190; merged from MOODLE_15_STABLE

This commit is contained in:
skodak 2005-11-15 18:21:22 +00:00
parent 133c5c2792
commit 04eb5d5243


@ -3,32 +3,37 @@
require_once("../config.php"); require_once("../config.php");
$topframe = optional_param('topframe', false, PARAM_BOOL);
$bottomframe = optional_param('bottomframe', false, PARAM_BOOL);
require_login(); require_login();
if (!isadmin()) { if (!isadmin()) {
error("Only the admin can use this page"); error("Only the admin can use this page");
} }
if (isset($topframe)) { if (!$topframe && !$bottomframe) {
?>
<head>
<title>PHP info</title>
</head>
<frameset rows="80,*">
<frame src="phpinfo.php?topframe=true&amp;sesskey=<?php echo $USER->sesskey ?>">
<frame src="phpinfo.php?bottomframe=true&amp;sesskey=<?php echo $USER->sesskey ?>">
</frameset>
<?php
} else if ($topframe && confirm_sesskey()) {
$stradministration = get_string("administration"); $stradministration = get_string("administration");
$site = get_site(); $site = get_site();
print_header("$site->shortname: phpinfo", "$site->fullname", print_header("$site->shortname: phpinfo", "$site->fullname",
"<a target=\"$CFG->framename\" href=\"index.php\">$stradministration</a> -> PHP info"); "<a target=\"$CFG->framename\" href=\"index.php\">$stradministration</a> -> PHP info");
exit; exit;
} } else if ($bottomframe && confirm_sesskey()) {
if (isset($bottomframe)) {
phpinfo(); phpinfo();
exit; exit;
} }
?> ?>
<head>
<title>PHP info</title>
</head>
<frameset rows="80,*">
<frame src="phpinfo.php?topframe=true">
<frame src="phpinfo.php?bottomframe=true">
</frameset>
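Review bot: When `$topframe` or `$bottomframe` is true but `confirm_sesskey()` fails, neither branch on the `else if` lines runs and the script falls through past the closing `?>`, so the frame is served as an empty response with no diagnostic; since confirm_sesskey() is used here as a boolean rather than a terminating check (hedged — its behaviour is outside the hunk), a final `} else { error("Invalid session key"); }` after the bottomframe branch would make the rejection explicit to the admin. The `$USER->sesskey` echoed into the two `frame src` attributes is a server-generated value, so it is not the request-parameter vector this commit closes, but routing it through the same attribute escaping used for other output would keep the page uniform and would not change its behaviour for a well-formed key. The new `optional_param(..., PARAM_BOOL)` lines mean `isset()` no longer governs the branch, which is the point of the fix; a one-line comment on the first of them, `// never read request variables directly: register_globals made isset() attacker-controlled`, would record why the structure changed.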