[FIX] XSS Vulnerability

Sebastian Grewe 2013-11-02 18:57:35 +01:00
parent 83ee00259f
commit d25cfb0001
7 changed files with 17 additions and 17 deletions


@ -26,7 +26,7 @@
<form action="{$smarty.server.PHP_SELF}" method="POST" id='query'>
<input type="hidden" name="page" value="{$smarty.request.page}">
<input type="hidden" name="action" value="{$smarty.request.action}">
<input type="text" class="pin" name="query" value="{$smarty.request.query|default:"%"}">
<input type="text" class="pin" name="query" value="{$smarty.request.query|default:"%"|escape}">
<input type="submit" class="submit small" value="Query">
</form>
{include file="global/block_footer.tpl"}
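Review bot: The hidden `page` and `action` inputs in this form still print `{$smarty.request.page}` and `{$smarty.request.action}` unescaped; only the `query` value gained `|escape`, so request-controlled text is still reflected into those two attributes. They should match the other templates in this commit: `value="{$smarty.request.page|escape}"` and `value="{$smarty.request.action|escape}"`. Separately, `action="{$smarty.server.PHP_SELF}"` is left unescaped in this form and in the six other forms touched here. PHP_SELF can include request-supplied path info on many server setups, so it should either be escaped (`{$smarty.server.PHP_SELF|escape}`) or replaced by a fixed script path.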


@ -61,9 +61,9 @@
</table></td>
<td class="right">
<form action="{$smarty.server.PHP_SELF}" method="POST" id='search'>
<input type="hidden" name="page" value="{$smarty.request.page}">
<input type="hidden" name="action" value="{$smarty.request.action}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"}">
<input type="hidden" name="page" value="{$smarty.request.page|escape}">
<input type="hidden" name="action" value="{$smarty.request.action|escape}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"|escape}">
<input type="submit" class="submit small" value="Search">
</form></td></tr>
</tbody></table>


@ -2,9 +2,9 @@
<br>
<center>
<form action="{$smarty.server.PHP_SELF}" method="POST" id='search'>
<input type="hidden" name="page" value="{$smarty.request.page}">
<input type="hidden" name="action" value="{$smarty.request.action}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"}">
<input type="hidden" name="page" value="{$smarty.request.page|escape}">
<input type="hidden" name="action" value="{$smarty.request.action|escape}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"|escape}">
<input type="submit" class="submit small" value="Search">
</form>
</center>


@ -100,7 +100,7 @@
<form action="{$smarty.server.PHP_SELF}" method="POST" id='query'>
<input type="hidden" name="page" value="{$smarty.request.page|escape}">
<input type="hidden" name="action" value="{$smarty.request.action|escape}">
<input type="text" class="pin" name="query" value="{$smarty.request.query|default:"%"}">
<input type="text" class="pin" name="query" value="{$smarty.request.query|default:"%"|escape}">
<input type="submit" value="Query" class="alt_btn">
</form>
</div>
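Review bot: `page` and `action` were already escaped in this form while `query` was not, so an earlier pass evidently missed a field; per-variable `|escape` is easy to forget as templates grow. Consider turning on template-wide escaping instead (`$smarty->escape_html = true;`, available from Smarty 3.1; the version in use is not visible here) and marking the rare intentionally raw outputs with `nofilter`. If that is adopted, the existing explicit `|escape` modifiers should be checked for double-encoding and removed where redundant.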


@ -44,9 +44,9 @@
<footer>
<div class="submit_link">
<form action="{$smarty.server.PHP_SELF}" method="POST" id='search'>
<input type="hidden" name="page" value="{$smarty.request.page}">
<input type="hidden" name="action" value="{$smarty.request.action}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"}">
<input type="hidden" name="page" value="{$smarty.request.page|escape}">
<input type="hidden" name="action" value="{$smarty.request.action|escape}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"|escape}">
<input type="submit" value="Search" class="alt_btn">
</form>
</div>


@ -85,9 +85,9 @@
<footer>
<div class="submit_link">
<form action="{$smarty.server.PHP_SELF}" method="POST" id='search'>
<input type="hidden" name="page" value="{$smarty.request.page}">
<input type="hidden" name="action" value="{$smarty.request.action}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"}">
<input type="hidden" name="page" value="{$smarty.request.page|escape}">
<input type="hidden" name="action" value="{$smarty.request.action|escape}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"|escape}">
<input type="submit" value="Search" class="alt_btn">
</form>
</div>


@ -74,9 +74,9 @@
<footer>
<div class="submit_link">
<form action="{$smarty.server.PHP_SELF}" method="POST" id='search'>
<input type="hidden" name="page" value="{$smarty.request.page}">
<input type="hidden" name="action" value="{$smarty.request.action}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"}">
<input type="hidden" name="page" value="{$smarty.request.page|escape}">
<input type="hidden" name="action" value="{$smarty.request.action|escape}">
<input type="text" class="pin" name="search" value="{$smarty.request.height|default:"%"|escape}">
<input type="submit" value="Search" class="alt_btn">
</form>
</div>