Skip to content

Commit

Permalink
v2.6 - Improve sanitization per Issue #4
Browse files Browse the repository at this point in the history
-v2.6.
-Improve sanitization per Issue #4.
-Github user @robre pointed out some typos in sanitizeCore.php, specifically lines 95 & line 96 from v2.4.
-These bugs mean to me that I need to review more of this code.
-Thank you, @robre!
  • Loading branch information
zelon88 committed Feb 12, 2020
1 parent 5cf72aa commit 8e67e32
Show file tree
Hide file tree
Showing 4 changed files with 14 additions and 4 deletions.
10 changes: 10 additions & 0 deletions CHANGELOG.txt
Original file line number Diff line number Diff line change
@@ -1,3 +1,13 @@
COMMIT - 2/11/2020
v2.6 - Improve sanitization per Issue #4.

-v2.6.
-Improve sanitization per Issue #4.
-Github user @robre pointed out some typos in sanitizeCore.php, specifically lines 95 & line 96 from v2.4.
-These bugs mean to me that I need to review more of this code.
-Thank you, @robre!

--------------------
COMMIT 11/18/2018
v2.4 - Improve sanitization.

Expand Down
2 changes: 1 addition & 1 deletion convertCore.php
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@

// / -----------------------------------------------------------------------------------
// / The following code sets the global variables for the session.
$HRConvertVersion = 'v2.5';
$HRConvertVersion = 'v2.6';
$Date = date("m_d_y");
$Time = date("F j, Y, g:i a");
$JanitorFile = 'janitor.php';
Expand Down
4 changes: 2 additions & 2 deletions sanitizeCore.php
Original file line number Diff line number Diff line change
Expand Up @@ -92,8 +92,8 @@
// / Must specify $_POST['filesToDownload'] as a string or an array of filenames in the CloudLoc.
if (isset($_POST['download'])) {
$download = htmlentities(str_replace('..', '', str_replace(str_split('~#[]{};:$!#^&%@>*<|'), '', $_POST['download'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['filesToUpload'])) {
$_POST['filesToDownload'] = htmlentities(sstr_replace('..', '', tr_replace(str_split('\\/~#[]{};:$!#^&%@>*<|"\''), '', $_POST['filesToDownload'])), ENT_QUOTES, 'UTF-8');
if (isset($_POST['filesToDownload'])) {
$_POST['filesToDownload'] = htmlentities(str_replace('..', '', str_replace(str_split('\\/~#[]{};:$!#^&%@>*<|"\''), '', $_POST['filesToDownload'])), ENT_QUOTES, 'UTF-8');
if (!is_array($_POST['filesToDownload'])) {
$_POST['filesToDownload'] = array($_POST['filesToDownload']);
$_POST['filesToDownload'] = htmlentities(str_replace('..', '', str_replace(str_split('~#[]{};:$!#^&%@>*<|"\''), '', $_POST['filesToDownload'])), ENT_QUOTES, 'UTF-8'); } } }
Expand Down
2 changes: 1 addition & 1 deletion versionInfo.php
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
<?php
// / This file contains the current HRConvert2 version for auto-update purposes.

$Version = 'v2.5';
$Version = 'v2.6';

0 comments on commit 8e67e32

Please sign in to comment.