fixing xss reported by @defane

master
Thierry Degeling 2015-04-25 14:45:15 +02:00
parent 66c75225ae
commit 7d269b106e
1 changed files with 6 additions and 2 deletions


@ -1,5 +1,4 @@
<?php <?php
$code = $_GET["code"];
$number = array('oh!', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine'); $number = array('oh!', 'one', 'two', 'three', 'four', 'five', 'six', 'seven', 'eight', 'nine');
$description = array ( $description = array (
401 => "of something you cannot see<br />because you are not logged in", 401 => "of something you cannot see<br />because you are not logged in",
@ -7,11 +6,16 @@
404 => 'sorry, that page doesn\'t<br />exist or has been moved', 404 => 'sorry, that page doesn\'t<br />exist or has been moved',
500 => "of something that cannot be shown<br />because the server failed to process it" 500 => "of something that cannot be shown<br />because the server failed to process it"
); );
if ( !array_key_exists( $_GET["code"] , $description ) ) {
$code = '500';
} else {
$code = $_GET["code"];
}
?> ?>
<!doctype html> <!doctype html>
<html> <html>
<head> <head>
<title>Error <?php echo $_GET["code"]?></title> <title>Error <?=$code?></title>
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<style type="text/css"> <style type="text/css">
@font-face{ @font-face{
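Review bot: The new allowlist check `if ( !array_key_exists( $_GET["code"] , $description ) )` reads `$_GET["code"]` without first confirming that it is set and is a string, so a request with no `code` parameter raises an undefined-index notice, and an array-valued `code` makes `array_key_exists()` emit a warning (a TypeError on PHP 8). Where error display is enabled, that output can disclose the script path on the error page itself. I would guard the lookup with `$code = (isset($_GET['code']) && is_string($_GET['code']) && array_key_exists($_GET['code'], $description)) ? $_GET['code'] : '500';` and, as defence in depth, still escape at the sink with `<?= htmlspecialchars($code, ENT_QUOTES, 'UTF-8') ?>`. The template continues past the end of this hunk, so any other echo of `$_GET["code"]` further down the file would need the same switch to `$code`.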