Do not test empty values for XSS
This commit is contained in:
parent
ba55e25844
commit
068dd9d46f
@ -686,6 +686,10 @@ sub buildHiddenForm {
|
||||
sub checkXSSAttack {
|
||||
my ( $self, $name, $value ) = splice @_;
|
||||
|
||||
# Empty values are not bad
|
||||
return 0 unless $value;
|
||||
|
||||
# Test value
|
||||
if ( $value =~ m/(?:\0|<|'|"|`|\%(?:00|25|3C|22|27|2C))/ ) {
|
||||
$self->lmLog( "XSS attack detected (param: $name | value: $value)",
|
||||
"warn" );
|
||||
|
Loading…
Reference in New Issue
Block a user