secure requests; refs #893

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
2020-10-31 15:57:59 +01:00
parent 16eca628dd
commit ea76ce8fcc
3 changed files with 25 additions and 5 deletions
--- a/api.php
+++ b/api.php
@@ -1,4 +1,6 @@
 <?php
+use voku\helper\AntiXSS;
+
 require __DIR__ . '/vendor/autoload.php';

 require \Froxlor\Froxlor::getInstallDir() . '/lib/tables.inc.php';
@@ -30,6 +32,12 @@ if (is_null($decoded_request)) {
 	json_response(400, "Invalid JSON");
 }

+/**
+ * check for xss attempts and clean request
+ */
+$antiXss = new AntiXSS();
+$request = $antiXss->xss_clean($request);
+
 // validate content
 try {
 	$decoded_request = stripcslashes_deep($decoded_request);