Still fixing regressions caused by Trac#446: XSS vulnerabilities...

SVN:trunk[1450]
2026-04-24 11:08:45 +02:00 · 2011-08-12 10:06:33 +00:00
parent 96f3350029
commit b02021a4ff
7 changed files with 53 additions and 41 deletions
--- a/webservices/cron.php
+++ b/webservices/cron.php
@@ -32,9 +32,9 @@ require_once(APPROOT.'/application/startup.inc.php');



-function ReadMandatoryParam($oP, $sParam)
+function ReadMandatoryParam($oP, $sParam, $sSanitizationFilter = 'parameter')
 {
-	$sValue = utils::ReadParam($sParam, null, true /* Allow CLI */);
+	$sValue = utils::ReadParam($sParam, null, true /* Allow CLI */, $sSanitizationFilter);
 	if (is_null($sValue))
 	{
 		$oP->p("ERROR: Missing argument '$sParam'\n");
@@ -130,8 +130,8 @@ if (utils::IsModeCLI())
 	// Next steps:
 	//   specific arguments: 'csvfile'
 	//   
-	$sAuthUser = ReadMandatoryParam($oP, 'auth_user');
-	$sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd');
+	$sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
+	$sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
 	if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd))
 	{
 		UserRights::Login($sAuthUser); // Login & set the user's language