Commit 4432a086 authored by Clément OUDOT's avatar Clément OUDOT

Apply patch to 1.4 branch (#LEMONLDAP-1050)

git-svn-id: svn://svn.forge.objectweb.org/svnroot/lemonldap/branches/lemonldap-ng_version_1_4-bugfixes@5297 1dbb9719-a921-0410-b57f-c3a383c2c641
parent beab01ec
......@@ -71,7 +71,7 @@ use Digest::MD5;
#inherits Apache::Session
#link Lemonldap::NG::Common::Apache::Session::SOAP protected globalStorage
our $VERSION = '1.4.9';
our $VERSION = '1.4.10';
use base qw(Lemonldap::NG::Common::CGI Exporter);
our @ISA;
......@@ -716,7 +716,8 @@ sub checkXSSAttack {
return 0 unless $value;
# Test value
if ( $value =~ m/(?:\0|<|'|"|`|\%(?:00|25|3C|22|27|2C))/ ) {
$value =~ s/\%25/\%/g;
if ( $value =~ m/(?:\0|<|'|"|`|\%(?:00|3C|22|27|2C))/ ) {
$self->lmLog( "XSS attack detected (param: $name | value: $value)",
"warn" );
return $self->{checkXSS};
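Review bot: The `s/\%25/\%/g` added in checkXSSAttack normalises only one level of percent-encoding, and because `25` was dropped from the alternation on the following line, a value whose percent sign was encoded more than once still contains `%25` after the pass and is no longer rejected. Repeating the substitution until nothing changes, `1 while $value =~ s/\%25/\%/g;`, closes that gap while keeping the false-positive fix this commit is after. The match also lists the hex escapes in upper case only, so adding the `/i` modifier would cover the lower-case forms that decoders accept equally. Since `$value` is rewritten before the `lmLog` call, the warning records the normalised string rather than what the client sent; normalising a copy would keep the log faithful. The body of checkXSSAttack starts and ends outside this hunk, so whether `$value` is already a private copy cannot be confirmed from here.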
......