numClean and xssClean inputs

Matt Pass
2016-08-25 17:01:23 +01:00
parent 8797e8f5e0
commit 83e7c62b9b


@@ -230,7 +230,7 @@ if (!$error && $_GET['action']=="save") {
/* console.log(\'Calling \'+saveURL+\' via XHR\'); */
xhr.open("POST",saveURL,true);
xhr.setRequestHeader(\'Content-type\', \'application/x-www-form-urlencoded\');
xhr.send(\'timeStart='.$_POST["timeStart"].'&file='.$fileURL.'&newFileName=\'+newFileName.replace(/\\\+/g,"%2B")+\'&contents=\'+encodeURIComponent(top.ICEcoder.saveAsContent));
xhr.send(\'timeStart='.numClean($_POST["timeStart"]).'&file='.$fileURL.'&newFileName=\'+newFileName.replace(/\\\+/g,"%2B")+\'&contents=\'+encodeURIComponent(top.ICEcoder.saveAsContent));
top.ICEcoder.serverMessage("<b>'.$t['Saving'].'</b><br>" + "'.($finalAction == "Save" ? "newFileName" : "'".$fileName."'").'");
}
}
@@ -946,7 +946,7 @@ if (!isset($filemtime) && !is_dir($file)) {
$filemtime = $serverType=="Linux" ? filemtime($file) : "1000000";
}
// Set $timeStart, use 0 if not available
$timeStart = isset($_POST["timeStart"]) ? $_POST["timeStart"] : 0;
$timeStart = isset($_POST["timeStart"]) ? numClean($_POST["timeStart"]) : 0;
if (isset($ftpSite)) {
// Get info on dir/file now
@@ -979,12 +979,12 @@ echo '{
"exists": '.$itemExists.'
},
"action": {
"initial" : "'.$_GET["action"].'",
"initial" : "'.xssClean($_GET['action'],"html").'",
"final" : "'.$finalAction.'",
"timeStart": '.$timeStart.',
"timeEnd": 0,
"timeTaken": 0,
"csrf": "'.$_GET["csrf"].'",
"csrf": "'.xssClean($_GET['csrf'],"html").'",
"doNext" : "'.preg_replace('/\r|\n/','',str_replace(' ','',str_replace('"','\"',$doNext))).'top.ICEcoder.switchMode();"
},
"status": {
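Review bot: In the JSON response built in the third hunk, `action` and `csrf` are written inside JSON string literals, but `xssClean(...,"html")` is, going by its mode argument, an HTML-context filter; its body is not visible here, so it may leave `"` and `\` unescaped. If it does, a request value containing either character can still close the string early and change the structure of the response the client parses. Encoding for the actual output context is the safer fix: `"initial" : '.json_encode((string)$_GET['action']).',` and `"csrf": '.json_encode((string)$_GET['csrf']).',` (json_encode supplies the surrounding quotes). The same applies to `"timeStart": '.$timeStart.',`, which is emitted unquoted and is only valid JSON if `numClean()` always returns a number, so a numeric cast or `json_encode` at the assignment in the second hunk would guarantee that. The echo statement begins and ends outside the hunk.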