net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-cmd-exploit.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

From 64668e882b8866fae0fa1b25375d1a2f3b4672e2 Mon Sep 17 00:00:00 2001
From: Deon George <wurley@users.sf.net>
Date: Wed, 27 Jul 2011 07:30:06 +1000
Subject: [PATCH] Remove XSS vulnerabilty in debug code

---
 htdocs/cmd.php |    4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/htdocs/cmd.php b/htdocs/cmd.php
index 34f3848..0ddf004 100644
--- a/htdocs/cmd.php
+++ b/htdocs/cmd.php
@@ -19,10 +19,6 @@ $www['meth'] = get_request('meth','REQUEST');
 ob_start();
 
 switch ($www['cmd']) {
-	case '_debug':
-		debug_dump($_REQUEST,1);
-		break;
-
 	default:
 		if (defined('HOOKSDIR') && file_exists(HOOKSDIR.$www['cmd'].'.php'))
 			$app['script_cmd'] = HOOKSDIR.$www['cmd'].'.php';
-- 
1.7.4.1