Opened 12 years ago

Closed 12 years ago

#33 closed New feature (fixed)

Pass message parameters in the URL only as constant names

Reported by: Ronald Parcinski
Owned by: Gerhard Waldemair
Priority: normal
Milestone: modified-shop-2.0.0.0
Component: Admin
Version: 1.06
Keywords:
Cc:
Blocked By:
Blocking:

Description

The call

xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=' . urlencode(ERROR_NO_PAYMENT_MODULE_SELECTED), 'SSL'));

would then become

xtc_redirect(xtc_href_link(FILENAME_CHECKOUT_PAYMENT, 'error_message=ERROR_NO_PAYMENT_MODULE_SELECTED', 'SSL'));

And on the display pages, only the content of the constant is then displayed.

This would then possibly solve XSS attacks and also urlencode problems.

Change History (1)

comment:1 by Ronald Parcinski, 12 years ago

Resolution: fixed
Status: new → closed

In 6295:

fix ticket #33, fix ticket #30
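
The display-side lookup described in the ticket, as an added example (not code from the modified-shop repository or from changeset 6295). The helper name `resolve_message_param`, the `ERROR_` prefix rule and the sample constant values are assumptions; the prefix check is there because resolving an arbitrary name from the URL would return any defined constant, not only message texts.

```php
<?php
// Constructed sample constants; in a shop these would come from language and config files.
define('ERROR_NO_PAYMENT_MODULE_SELECTED', 'Please select a payment method for your order.');
define('EXAMPLE_DB_PASSWORD', 's3cret'); // stands in for any non-message constant

/**
 * Hypothetical helper: map the error_message URL parameter to display text.
 * Returns HTML-escaped text, or '' when the value is not an accepted message constant.
 */
function resolve_message_param($param)
{
    // error_message[]=... arrives as an array, so reject non-strings first.
    if (!is_string($param)) {
        return '';
    }
    // Accept only message constant names (assumed ERROR_ prefix). Without this
    // check, constant() would hand back configuration values as well.
    if (!preg_match('/\AERROR_[A-Z0-9_]+\z/', $param)) {
        return '';
    }
    if (!defined($param)) {
        return '';
    }
    $text = constant($param);
    if (!is_string($text)) {
        return '';
    }
    // Escape on output anyway: message texts may contain & or < themselves.
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed request values a display page might receive.
$samples = array(
    'ERROR_NO_PAYMENT_MODULE_SELECTED',        // known message constant
    '<b>not a constant</b>',                   // markup is never echoed back
    'EXAMPLE_DB_PASSWORD',                     // defined, but not a message constant
    'ERROR_DOES_NOT_EXIST',                    // matches the pattern, not defined
    array('ERROR_NO_PAYMENT_MODULE_SELECTED'), // array-valued parameter
);

foreach ($samples as $value) {
    echo var_export($value, true), ' => ', var_export(resolve_message_param($value), true), "\n";
}
```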
