[ticket/8713] Call htmlspecialchars_decode() on transfer (e.g. ftp) passwords.

PHPBB3-8713
Andreas Fischer 2012-09-08 14:40:35 +02:00
parent f2607fc9e8
commit cc0c378caf
2 changed files with 40 additions and 5 deletions


@ -100,11 +100,25 @@ class acp_language
switch ($method)
{
case 'ftp':
$transfer = new ftp(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new ftp(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
break;
case 'ftp_fsock':
$transfer = new ftp_fsock(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new ftp_fsock(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
break;
default:
@ -404,7 +418,14 @@ class acp_language
trigger_error($user->lang['INVALID_UPLOAD_METHOD'], E_USER_ERROR);
}
$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new $method(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
if (($result = $transfer->open_session()) !== true)
{
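Review bot: Only the password argument is decoded in the `new ftp(`, `new ftp_fsock(` and `new $method(` calls here; `username` and `root_path` still come from `request_var()`, which presumably applies the same HTML escaping that made this fix necessary, so an account name or path containing `&`, `<`, `>` or `"` would reach the transfer class in escaped form. If that is the case, the same treatment applies to them, e.g. `htmlspecialchars_decode(request_var('username', '')),`, or a short comment should record why only the password needs it. The two `new $method(` calls in the install_update section have the same shape. With the identical six-argument list now repeated five times, a single helper that builds the transfer object would keep the decoding in one place and stop a future call site from omitting it.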


@ -862,7 +862,14 @@ class install_update extends module
$test_connection = false;
if ($test_ftp_connection || $submit)
{
$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new $method(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
$test_connection = $transfer->open_session();
// Make sure that the directory is correct by checking for the existence of common.php
@ -948,7 +955,14 @@ class install_update extends module
}
else
{
$transfer = new $method(request_var('host', ''), request_var('username', ''), $request->untrimmed_variable('password', ''), request_var('root_path', ''), request_var('port', ''), request_var('timeout', ''));
$transfer = new $method(
request_var('host', ''),
request_var('username', ''),
htmlspecialchars_decode($request->untrimmed_variable('password', '')),
request_var('root_path', ''),
request_var('port', ''),
request_var('timeout', '')
);
$transfer->open_session();
}
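Review bot: Both `new $method(` calls in this section instantiate a class whose name is held in a variable, and neither hunk shows where `$method` is checked; the acp_language section at least has the `INVALID_UPLOAD_METHOD` error directly above its call. The enclosing function starts and ends outside these hunks, so the check may well exist, but it is worth confirming that `$method` is compared against the fixed list of transfer classes before either call, since the decoded password is now handed straight to that constructor. A comment at the first call such as `// $method has been validated against the available transfer methods above` would make the precondition visible to the next reader.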