v2.6 - Improve sanitization per Issue #4

zelon88 · zelon88 · commit 8e67e3290e40 · 2020-02-11T20:22:23.000-05:00
-v2.6. -Improve sanitization per Issue #4. -Github user @robre pointed out some typos in sanitizeCore.php, specifically lines 95 & line 96 from v2.4. -These bugs mean to me that I need to review more of this code. -Thank you, @robre!
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -1,3 +1,13 @@
+COMMIT - 2/11/2020
+v2.6 - Improve sanitization per Issue #4.
+
+-v2.6.
+-Improve sanitization per Issue #4.
+-Github user @robre pointed out some typos in sanitizeCore.php, specifically lines 95 & line 96 from v2.4.
+-These bugs mean to me that I need to review more of this code.
+-Thank you, @robre!
+
+--------------------
 COMMIT 11/18/2018
 v2.4 - Improve sanitization.
 
diff --git a/convertCore.php b/convertCore.php
@@ -51,7 +51,7 @@
 
 // / -----------------------------------------------------------------------------------
 // / The following code sets the global variables for the session.
-$HRConvertVersion = 'v2.5';
+$HRConvertVersion = 'v2.6';
 $Date = date("m_d_y");
 $Time = date("F j, Y, g:i a"); 
 $JanitorFile = 'janitor.php';
diff --git a/sanitizeCore.php b/sanitizeCore.php
@@ -92,8 +92,8 @@
   // / Must specify $_POST['filesToDownload'] as a string or an array of filenames in the CloudLoc.
 if (isset($_POST['download'])) {
   $download = htmlentities(str_replace('..', '', str_replace(str_split('~#[]{};:$!#^&%@>*<|'), '', $_POST['download'])), ENT_QUOTES, 'UTF-8'); 
-  if (isset($_POST['filesToUpload'])) {
-    $_POST['filesToDownload'] = htmlentities(sstr_replace('..', '', tr_replace(str_split('\\/~#[]{};:$!#^&%@>*<|"\''), '', $_POST['filesToDownload'])), ENT_QUOTES, 'UTF-8');   
+  if (isset($_POST['filesToDownload'])) {
+    $_POST['filesToDownload'] = htmlentities(str_replace('..', '', str_replace(str_split('\\/~#[]{};:$!#^&%@>*<|"\''), '', $_POST['filesToDownload'])), ENT_QUOTES, 'UTF-8');   
     if (!is_array($_POST['filesToDownload'])) {
       $_POST['filesToDownload'] = array($_POST['filesToDownload']); 
       $_POST['filesToDownload'] = htmlentities(str_replace('..', '', str_replace(str_split('~#[]{};:$!#^&%@>*<|"\''), '', $_POST['filesToDownload'])), ENT_QUOTES, 'UTF-8'); } } }
diff --git a/versionInfo.php b/versionInfo.php
@@ -1,4 +1,4 @@
 <?php 
 // / This file contains the current HRConvert2 version for auto-update purposes.
 
-$Version = 'v2.5';
+$Version = 'v2.6';
