From 8e67e3290e40728c81ff5bcc667bb3119715b437 Mon Sep 17 00:00:00 2001
From: Justin Grimes
Date: Tue, 11 Feb 2020 20:22:23 -0500
Subject: [PATCH] v2.6 - Improve sanitization per Issue #4

-v2.6.
-Improve sanitization per Issue #4.
-Github user @robre pointed out some typos in sanitizeCore.php, specifically lines 95 & line 96 from v2.4.
-These bugs mean to me that I need to review more of this code.
-Thank you, @robre!
---
 CHANGELOG.txt | 10 ++++++++++
 convertCore.php | 2 +-
 sanitizeCore.php | 4 ++--
 versionInfo.php | 2 +-
 4 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 2c82381..f83d4b1 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,13 @@
+COMMIT - 2/11/2020
+v2.6 - Improve sanitization per Issue #4.
+
+-v2.6.
+-Improve sanitization per Issue #4.
+-Github user @robre pointed out some typos in sanitizeCore.php, specifically lines 95 & line 96 from v2.4.
+-These bugs mean to me that I need to review more of this code.
+-Thank you, @robre!
+
+--------------------
 COMMIT 11/18/2018
 v2.4 - Improve sanitization.
diff --git a/convertCore.php b/convertCore.php
index 954b84e..1be35dd 100644
--- a/convertCore.php
+++ b/convertCore.php
@@ -51,7 +51,7 @@
 // / -----------------------------------------------------------------------------------
 // / The following code sets the global variables for the session.
-$HRConvertVersion = 'v2.5';
+$HRConvertVersion = 'v2.6';
 $Date = date("m_d_y");
 $Time = date("F j, Y, g:i a");
 $JanitorFile = 'janitor.php';
diff --git a/sanitizeCore.php b/sanitizeCore.php
index f0b9876..94b1d69 100644
--- a/sanitizeCore.php
+++ b/sanitizeCore.php
@@ -92,8 +92,8 @@
 // / Must specify $_POST['filesToDownload'] as a string or an array of filenames in the CloudLoc.
 if (isset($_POST['download'])) {
 $download = htmlentities(str_replace('..', '', str_replace(str_split('~#[]{};:$!#^&%@>*<|'), '', $_POST['download'])), ENT_QUOTES, 'UTF-8');
- if (isset($_POST['filesToUpload'])) {
- $_POST['filesToDownload'] = htmlentities(sstr_replace('..', '', tr_replace(str_split('\\/~#[]{};:$!#^&%@>*<|"\''), '', $_POST['filesToDownload'])), ENT_QUOTES, 'UTF-8');
+ if (isset($_POST['filesToDownload'])) {
+ $_POST['filesToDownload'] = htmlentities(str_replace('..', '', str_replace(str_split('\\/~#[]{};:$!#^&%@>*<|"\''), '', $_POST['filesToDownload'])), ENT_QUOTES, 'UTF-8');
 if (!is_array($_POST['filesToDownload'])) {
 $_POST['filesToDownload'] = array($_POST['filesToDownload']);
 $_POST['filesToDownload'] = htmlentities(str_replace('..', '', str_replace(str_split('~#[]{};:$!#^&%@>*<|"\''), '', $_POST['filesToDownload'])), ENT_QUOTES, 'UTF-8');
 }
 }
 }
diff --git a/versionInfo.php b/versionInfo.php
index 9a7ef5f..c3e26d0 100644
--- a/versionInfo.php
+++ b/versionInfo.php
@@ -1,4 +1,4 @@
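Review bot: The added `$_POST['filesToDownload'] = htmlentities(str_replace(...))` line is still broken for the array case the comment at the top of the hunk documents: `str_replace` passes an array subject straight through, but `htmlentities()` accepts only a string, so an array of filenames produces a warning plus `null` on PHP 7 and a `TypeError` on PHP 8, and the unchanged `array(...)` followed by `htmlentities()` in the `!is_array` branch then repeats the same mistake on the wrapped value. Because the old lines fatal-errored on the `sstr_replace`/`tr_replace` typos, nothing in this path has ever actually sanitized a list of filenames, so the fix should normalize to an array first and apply the character strip and `htmlentities()` per element; the rewrite below replaces the added assignment and the `!is_array` block. Separately, the `$download` strip list keeps `/` and `\` while the filesToDownload list removes them, so an absolute path such as `/etc/passwd` survives into `$download`; whether that is exploitable depends on how `$download` is consumed outside this hunk, which is not visible here. The `@@ -92,8 +92,8 @@` header also counts eight old-side lines while eleven are shown, so the trailing closing braces may lie outside the hunk proper.
```php
if (isset($_POST['filesToDownload'])) {
    // Accept either a single filename or a list; sanitize every entry as a string.
    $files = is_array($_POST['filesToDownload']) ? $_POST['filesToDownload'] : array($_POST['filesToDownload']);
    $_POST['filesToDownload'] = array_map(function ($name) {
        $name = str_replace(str_split('\\/~#[]{};:$!#^&%@>*<|"\''), '', (string) $name);
        return htmlentities(str_replace('..', '', $name), ENT_QUOTES, 'UTF-8');
    }, $files);
}
```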