From 3bdc7f5908ad19af2fc31b873cd07eadeb801bd5 Mon Sep 17 00:00:00 2001
From: Renato Botelho
Date: Thu, 20 Nov 2014 10:25:28 -0200
Subject: Remove debugging code that can lead us to XSS injection, also pass variables through htmlspecialchars() to sanitize

---
 usr/local/www/installer/installer.php | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'usr/local/www')

diff --git a/usr/local/www/installer/installer.php b/usr/local/www/installer/installer.php
index e2ae09c..05f10b9 100644
--- a/usr/local/www/installer/installer.php
+++ b/usr/local/www/installer/installer.php
@@ -497,7 +497,7 @@ function verify_before_install() {
 }
 if(!$bootmanager)
 $bootmanager = $_REQUEST['bootmanager'];
- echo "\n\n";
+ // echo "\n\n";
 $disk = pcsysinstall_get_disk_info(htmlspecialchars($_REQUEST['disk']));
 $disksize = format_bytes($disk['size'] * 1048576);
 // Loop through posted items and create an array
@@ -535,7 +535,7 @@ function verify_before_install() {
 $tmparray['encpass'] = $_REQUEST['encpass' . $x];
 $disks[] = $tmparray;
 }
- echo "\n \n";
+ // echo "\n \n";
 $bootmanagerupper = strtoupper($bootmanager);
 echo <<
@@ -595,11 +595,11 @@ EOFAMBACBAF;
 foreach($disks as $disk) {
 $desc = pcsysinstall_get_disk_info($disk['disk']);
 echo "";
- echo "   {$disk['mountpoint']}";
- echo "{$disk['fstype']}";
- echo "{$disk['disk']} {$desc['desc']}";
- echo "{$disk['size']}";
- echo "{$disk['encpass']}";
+ echo "   " . htmlspecialchars($disk['mountpoint']) . "";
+ echo "" . htmlspecialchars($disk['fstype']) . "";
+ echo "" . htmlspecialchars($disk['disk']) . " " . htmlspecialchars($desc['desc']) . "";
+ echo "" . htmlspecialchars($disk['size']) . "";
+ echo "" . htmlspecialchars($disk['encpass']) . "";
 echo "";
 }
@@ -970,7 +970,7 @@ EOF;
 $first_disk_size = $size - $swap_size;
 // Debugging
- echo "\n\n\n\n";
+ // echo "\n\n\n\n";
 // Check to see if a on disk layout exists
 if(file_exists("/tmp/webInstaller_disk_layout.txt")) {
--
cgit v1.1
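Review bot: The confirmation table in the third hunk still writes the disk encryption passphrase into the page body (`echo "" . htmlspecialchars($disk['encpass']) . "";`, where `$disk['encpass']` is taken from `$_REQUEST['encpass' . $x]` in the second hunk); escaping removes the injection, but the secret itself is rendered back to the browser and ends up in the response, so printing a fixed placeholder such as `'********'` when the value is non-empty would be the safer display. The new htmlspecialchars() calls use the default flags, which on older PHP leave single quotes unescaped; passing `ENT_QUOTES` explicitly keeps the escaping correct if any of these values is later placed in an attribute. The debug echoes in the first, second and fourth hunks are commented out rather than deleted, which leaves dead code that can be re-enabled by accident; removing the lines outright would be cleaner. verify_before_install() begins before the first hunk and continues past the third, and the fourth hunk sits in a function whose boundaries are outside the diff.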