Patch:
--- der_generator.orig.php 2011-02-09 04:52:27.000000000 +0200
+++ der_generator.php 2011-02-09 05:00:20.457537559 +0200
@@ -16,15 +16,15 @@
<label for="singlepaymentspende"><input type="radio" id="singlepaymentspende" name="gen_type" value="singlepaymentspende" <?php if($_REQUEST['gen_type']=="singlepaymentspende") echo 'checked="checked"'?>/> Spendenzahlung</label><br />
<label for="singledirectdebit"><input type="radio" id="singledirectdebit" name="gen_type" value="singledirectdebit" <?php if($_REQUEST['gen_type']=="singledirectdebit") echo 'checked="checked"'?>/> Lastschrift</label><br />
-Name:<br /><input type="text" tooltipText="Format: DTAUS Text" id="gen_name" onblur="checkInput(this, 'dtaus')" name="gen_name" maxlength="27" value="<?= isset($_REQUEST['gen_name'])?$_REQUEST['gen_name']:""?>">
+Name:<br /><input type="text" tooltipText="Format: DTAUS Text" id="gen_name" onblur="checkInput(this, 'dtaus')" name="gen_name" maxlength="27" value="<?= isset($_REQUEST['gen_name'])?esc_attr($_REQUEST['gen_name']):""?>">
<br />
-Kontonummer:<br /><input type="text" tooltipText="Format: Ganzzahl z.B. 1234" id="gen_account" onblur="checkInput(this, 'ganzzahl')" name="gen_account" value="<?= isset($_REQUEST['gen_account'])?$_REQUEST['gen_account']:""?>" >
+Kontonummer:<br /><input type="text" tooltipText="Format: Ganzzahl z.B. 1234" id="gen_account" onblur="checkInput(this, 'ganzzahl')" name="gen_account" value="<?= isset($_REQUEST['gen_account'])?esc_attr($_REQUEST['gen_account']):""?>" >
<br />
-BLZ:<br /><input type="text" tooltipText="Format: Ganzzahl z.B. 1234" id="gen_BNC" onblur="checkInput(this, 'ganzzahl')" name="gen_BNC" value="<?= isset($_REQUEST['gen_BNC'])?$_REQUEST['gen_BNC']:""?>" >
+BLZ:<br /><input type="text" tooltipText="Format: Ganzzahl z.B. 1234" id="gen_BNC" onblur="checkInput(this, 'ganzzahl')" name="gen_BNC" value="<?= isset($_REQUEST['gen_BNC'])?esc_attr($_REQUEST['gen_BNC']):""?>" >
<br />
-Betrag in Euro (z.B. 1234,50) <br /><input type="text" tooltipText="Format: Dezimalzahl z.B. 1234,50" onblur="checkInput(this, 'dezimalzahl')" id="gen_amount" name="gen_amount" value="<?= isset($_REQUEST['gen_amount'])?$_REQUEST['gen_amount']:""?>" >
+Betrag in Euro (z.B. 1234,50) <br /><input type="text" tooltipText="Format: Dezimalzahl z.B. 1234,50" onblur="checkInput(this, 'dezimalzahl')" id="gen_amount" name="gen_amount" value="<?= isset($_REQUEST['gen_amount'])?esc_attr($_REQUEST['gen_amount']):""?>" >
<br />
-Verwendungszweck:<br /><input type="text" id="gen_reason" tooltipText="Format: DTAUS Text" onblur="checkInput(this, 'dtaus')" name="gen_reason" maxlength="54" value="<?= isset($_REQUEST['gen_reason'])?$_REQUEST['gen_reason']:""?>" >
+Verwendungszweck:<br /><input type="text" id="gen_reason" tooltipText="Format: DTAUS Text" onblur="checkInput(this, 'dtaus')" name="gen_reason" maxlength="54" value="<?= isset($_REQUEST['gen_reason'])?esc_attr($_REQUEST['gen_reason']):""?>" >
<br/>
<input type="button" value="Erstellen" onclick='javascript:generateImage();'>
</form>
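Review bot: The reflected text inputs on the new side are now wrapped in `esc_attr()`, which is the right escaper for a double-quoted attribute value, but the unchanged radio lines at the top of the hunk still read `$_REQUEST['gen_type']` without an `isset()` guard and compare it with the loose `==`; on a first render with no request value that raises an undefined-index notice, which with `display_errors` on is itself output on the page. A consistent guard would be `<?php if (isset($_REQUEST['gen_type']) && $_REQUEST['gen_type'] === 'singlepaymentspende') echo 'checked="checked"'; ?>` (and the same for `singledirectdebit`). The six inputs repeat the identical `isset(...) ? esc_attr(...) : ""` expression by hand; a one-line helper such as `function req_attr($key) { return isset($_REQUEST[$key]) ? esc_attr($_REQUEST[$key]) : ''; }` would make it harder for a field added later to miss the escaping. `esc_attr()` appears to be the WordPress helper rather than a function defined in this file, so the patch presumably only works when the template is rendered through the WordPress bootstrap; if the file can be requested directly, the call is undefined and the page fails. `<?=` also depends on `short_open_tag` on this PHP vintage, which is unchanged by the patch but worth noting since a disabled setting would emit the raw PHP source.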
Description (Russian)