LBRYFoundation/pool
1
0
Fork 0
mirror of https://github.com/LBRYFoundation/pool.git synced 2025-09-21 02:19:47 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

security: protect XSS seekers from their own hacks

Browse source
This commit is contained in:
Tanguy Pruvot 2018-04-10 11:22:14 +02:00
parent 60fb627ad9
commit e97ea63c61
3 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
web/yaamp/modules/renting/login.php
View file

@ -13,6 +13,9 @@ $this->widget('UniForm');
$address = getparam('address'); $address = getparam('address');
if($address == 0) $address = ''; if($address == 0) $address = '';
if (!empty($address) && preg_match('/[^A-Za-z0-9]/', $address)) {
die;
}
echo <<<end echo <<<end

4
web/yaamp/modules/site/wallet.php
View file

@ -14,6 +14,10 @@ foreach($raw_recents as $addr) {
} }
$address = getparam('address'); $address = getparam('address');
if (!empty($address) && preg_match('/[^A-Za-z0-9]/', $address)) {
// Just to make happy XSS seekers who can hack their own browser html...
die;
}
$drop_address = getparam('drop'); $drop_address = getparam('drop');
if (!empty($drop_address)) { if (!empty($drop_address)) {

3
web/yaamp/modules/trading/index.php
View file

@ -10,6 +10,9 @@ JavascriptFile("/extensions/jqplot/plugins/jqplot.highlighter.js");
$height = '240px'; $height = '240px';
$wallet = user()->getState('yaamp-wallet'); $wallet = user()->getState('yaamp-wallet');
if (!empty($wallet) && preg_match('/[^A-Za-z0-9]/', $wallet)) {
die;
}
$user = getuserparam($wallet); $user = getuserparam($wallet);
$algo_unit = 'Mh'; $algo_unit = 'Mh';