Merge pull request #357 from yaplik/master

fix non-persistent XSS due to improper content escaping
Michael Kaufmann
2016-06-03 16:29:28 +02:00


@@ -302,7 +302,7 @@ if ($action == 'login') {
} }
$lastqrystr = ""; $lastqrystr = "";
if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") { if (isset($_REQUEST['qrystr']) && $_REQUEST['qrystr'] != "") {
$lastqrystr = strip_tags($_REQUEST['qrystr']); $lastqrystr = htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES);
} }
eval("echo \"" . getTemplate('login') . "\";"); eval("echo \"" . getTemplate('login') . "\";");
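Review bot: The new `htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES)` call on the changed line leaves the charset and the invalid-sequence handling at PHP's defaults, so the result depends on the interpreter version and a request carrying malformed bytes silently yields an empty string; if the project's minimum PHP is 5.4 or later, pin both with `$lastqrystr = htmlspecialchars($_REQUEST['qrystr'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. This is HTML-context escaping applied at read time, which is correct only if every use of `$lastqrystr` in the login template interpolated by the following `eval("echo \"" . getTemplate('login') . "\";")` is an HTML body or quoted-attribute context; a placeholder inside a script block, or a later reuse of the value to build a redirect URL, would need a different encoding, which cannot be checked from this hunk. A short comment such as `// HTML-escaped for the login template only; not safe for JS or URL contexts` next to the assignment would make that contract visible. The enclosing `if ($action == 'login')` block starts outside the hunk.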