maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

exclude some formfields from xss-cleaning as it could alter the wanted content

Browse Source 
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
2021-01-13 10:14:51 +01:00
parent 9f13aa9a12
commit a31da97d66
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/Froxlor/PhpHelper.php
View File

@@ -400,10 +400,21 @@ class PhpHelper
*/
public static function cleanGlobal(&$global, &$antiXss)
{
$ignored_fields = [
'system_default_vhostconf',
'system_default_sslvhostconf',
'system_apache_globaldiropt',
'specialsettings',
'ssl_specialsettings',
'default_vhostconf_domain',
'ssl_default_vhostconf_domain'
];
if (isset($global) && ! empty($global)) {
$tmp = $global;
foreach ($tmp as $index => $value) {
$global[$index] = $antiXss->xss_clean($value);
if (!in_array($index, $ignored_fields)) {
$global[$index] = $antiXss->xss_clean($value);
}
}
}
}