mirror of
https://github.com/friendica/friendica
synced 2024-05-21 11:06:42 +02:00
Hypolite Petovan
5c5d7eb04f
* Escape HTML in the location field of a calendar event post - This allowed script tags to be interpreted in the post display of an event. * Add form security token check to /admin/phpinfo module - This prevents basic XSS attacks against /admin/phpinfo * Add form security token check to /babel module - This prevents basic XSS attacks against /babel * Prevent pass-through for attachments - This addresses a straightforward Reflected XSS vulnerability if a malicious HTML/Javascript file is attached to a post through upload * Prevent overwriting cid on event edit - This allowed to share an event as any other user after zeroing the cid field of an existing event
39 lines
1.1 KiB
PHP
39 lines
1.1 KiB
PHP
<?php
|
|
/**
|
|
* @copyright Copyright (C) 2010-2024, the Friendica project
|
|
*
|
|
* @license GNU AGPL version 3 or any later version
|
|
*
|
|
* This program is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License as
|
|
* published by the Free Software Foundation, either version 3 of the
|
|
* License, or (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License
|
|
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
namespace Friendica\Module\Admin;
|
|
|
|
use Friendica\Core\System;
|
|
use Friendica\Module\BaseAdmin;
|
|
|
|
class PhpInfo extends BaseAdmin
|
|
{
|
|
protected function rawContent(array $request = [])
|
|
{
|
|
self::checkAdminAccess();
|
|
|
|
self::checkFormSecurityTokenForbiddenOnError('phpinfo', 't');
|
|
|
|
phpinfo();
|
|
System::exit();
|
|
}
|
|
}
|