| author | Damien Regad <dregad@mantisbt.org> | 2016-08-29 00:50:41 +0200 |
|---|---|---|
| committer | Damien Regad <dregad@mantisbt.org> | 2016-08-29 00:50:41 +0200 |
| commit | ecb93d8c1fd3bbde62aca9c3a13c32f077da2da8 (patch) | |
| tree | f43709a50c4dcd347242b2c603d47dcf54248e3b /tests | |
| parent | 003177761f5d4decaae2de8be2236f7311b426c2 (diff) | |
| download | adodb-ecb93d8c1fd3bbde62aca9c3a13c32f077da2da8.tar.gz adodb-ecb93d8c1fd3bbde62aca9c3a13c32f077da2da8.tar.bz2 adodb-ecb93d8c1fd3bbde62aca9c3a13c32f077da2da8.zip | |
Tests: fix XSS vulnerability

This issue was reported by JPCERT Coordination Center (JPCERT/CC) with reference JVN#48237713.

The root cause is a foreach loop processing all GET parameters and blindly assigning them to variables, allowing an attacker to replace contents of global variables.

This limits variable processing using a regex matching those used in testdatabases.inc.php (i.e. beginning with 'test' or 'no').

Fixes #274
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test.php | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/tests/test.php b/tests/test.php index f3991ff2..382dd3e0 100644 --- a/tests/test.php +++ b/tests/test.php @@ -1741,8 +1741,11 @@ if (sizeof($_GET) == 0) $testmysql = true; foreach($_GET as $k=>$v) { - //global $$k; - $$k = $v; + // XSS protection (see Github issue #274) - only set variables for + // expected get parameters used in testdatabases.inc.php + if(preg_match('/^(test|no)\w+$/', $k)) { + $$k = $v; + } } ?> |
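Review bot: The `preg_match('/^(test|no)\w+$/', $k)` guard narrows the problem but is still a prefix-based allowlist rather than a list of the parameters the script actually expects, so `$$k = $v` can still overwrite any variable whose name happens to begin with `test` or `no` (including `$testmysql`, set just above the loop), and `$v` is assigned to it without any validation or escaping. Consider replacing the regex with an explicit array of expected names, e.g. `if (in_array($k, $allowed, true)) { $$k = $v; }`, or better, assigning into a dedicated `$params` array instead of using variable variables at all; the comment should also say that the check prevents arbitrary global overwrite, since that is the root cause the commit message describes and the XSS is only one consequence of it.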
