While testing Pagemanager_XH I had a strange timeout behaviour while clicking the menu link to a page with the title 'i'. Thanks to XHdebugmode I was able to locate the error in cms.php line 125. The code is:
if (sv('QUERY_STRING') != '') {
    $rq = explode('&', sv('QUERY_STRING'));
    if (!strpos($rq[0], '=')) $su = $rq[0];
    $v = count($rq);
    for ($i = 0; $i < $v; $i++) if (!strpos($rq[$i], '=')) $GLOBALS[$rq[$i]] = 'true';
}
Okay, you might say that's not a big problem, because nobody will title a page 'i' in the real world.
But what about other globals? E.g. a user might call his page hjs, because his name is Henry John Smith, or su, because he's a Unix geek. I've not tested those cases, but IMHO it's perhaps not the best idea to set a global by a query param without a check. At least a malicious attacker could use the ?i to keep a CMSimple server very busy.
Christoph
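
The check the post asks for, as an added example that is not part of the original post and is not CMSimple's own code: bare query tokens are matched against an allowlist and returned in an array, so a token such as `i`, `su` or `hjs` can no longer overwrite a variable the script depends on. The function name `parse_query` and the contents of `ALLOWED_FLAGS` are assumptions made for illustration.

```php
<?php
// Added example, not CMSimple's code. ALLOWED_FLAGS is a hypothetical
// allowlist; the real set of flag parameters must come from the CMS itself.
const ALLOWED_FLAGS = ['print', 'sitemap', 'mailform'];

/**
 * Parse a query string the way the snippet above does (the first bare token
 * selects the page, bare tokens act as flags), but return the result instead
 * of writing attacker-chosen names into $GLOBALS.
 */
function parse_query(string $queryString): array
{
    $result = ['su' => '', 'flags' => []];
    if ($queryString === '') {
        return $result;
    }
    foreach (explode('&', $queryString) as $index => $token) {
        // Strict test: strpos() returns 0 for a leading '=', which the
        // original !strpos() check treats the same as "no '=' present".
        if (strpos($token, '=') !== false) {
            continue; // key=value pairs are not flags
        }
        if ($index === 0) {
            $result['su'] = $token; // page selector, kept as plain data
        }
        if (in_array($token, ALLOWED_FLAGS, true)) {
            $result['flags'][$token] = true;
        }
        // Any other bare token (i, su, hjs, _SERVER, ...) is ignored.
    }
    return $result;
}

// Constructed sample query strings, including the page titles from the post.
foreach (['i', 'hjs&print', 'su&_SERVER&sitemap', 'Welcome&x=1'] as $qs) {
    $parsed = parse_query($qs);
    printf(
        "%-20s su=%-8s flags=%s\n",
        $qs,
        $parsed['su'],
        implode(',', array_keys($parsed['flags']))
    );
}
```

With the query string `i` this yields `su=i` and no flags, so the loop counter in the calling code is never touched.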