DevProTalk - Pogledajte određenu poruku

Ivan · 11. 01. 2007.

phpBB privmsg.php Cross-Site Request Forgery and Cross-Site Scripting

Quik fix (privmsg.php):

PHP kôd:


			


                       if (!($to_userdata = $db->sql_fetchrow($result)))

                       {

                               $error = TRUE;

                               $error_msg = $lang['No_such_user'];

Replace with:

PHP kôd:


			


                       if (!($to_userdata = $db->sql_fetchrow($result)))

                       {

                               $error = TRUE;

                               echo "Sorry, but no such user exists.";

                               exit;

11. 01. 2007.	#22
Ivan Psychedelictrance freak Wrote a book Datum učlanjenja: 04.06.2006 Lokacija: Srbija, Beograd Poruke: 1.008 Hvala: 325 933 "Hvala" u 34 poruka	phpBB privmsg.php Cross-Site Request Forgery and Cross-Site Scripting Quik fix (privmsg.php): PHP kôd: `if (!($to_userdata = $db->sql_fetchrow($result))) { $error = TRUE; $error_msg = $lang['No_such_user'];` Replace with: PHP kôd: `if (!($to_userdata = $db->sql_fetchrow($result))) { $error = TRUE; echo "Sorry, but no such user exists."; exit;` __________________ Testiranje bezbednosti web aplikacija