Fixed Trac#446: XSS vulnerabilities... to be tested !

Also fixed the display/download links on documents that were both doing exactly the same thing ! SVN:trunk[1443]
2026-02-13 07:24:13 +01:00 · 2011-08-11 10:17:03 +00:00
parent a129c9814f
commit 6859326646
24 changed files with 248 additions and 159 deletions
--- a/synchro/replica.php
+++ b/synchro/replica.php
@@ -48,7 +48,7 @@ try
 		break;
 		
 		case 'oql':
-		$sOQL = utils::ReadParam('oql', null);
+		$sOQL = utils::ReadParam('oql', null, false, 'raw_data');
 		if ($sOQL == null)
 		{
 			throw new ApplicationException(Dict::Format('UI:Error:1ParametersMissing', 'oql'));
--- a/synchro/synchro_import.php
+++ b/synchro/synchro_import.php
@@ -273,7 +273,7 @@ else
 	require_once(APPROOT.'/application/loginwebpage.class.inc.php');
 	LoginWebPage::DoLogin(); // Check user rights and prompt if needed

-	$sCSVData = utils::ReadPostedParam('csvdata');
+	$sCSVData = utils::ReadPostedParam('csvdata', '', 'raw_data');
 }