SECURITY: fix XSS vulnerability
This commit is contained in:
parent
ba6744a1c6
commit
56eaf863f2
@ -3,7 +3,7 @@
|
||||
checkBan();
|
||||
$text = isset($_POST['text']) ? $_POST['text'] : '';
|
||||
if(strlen($text)>0 && !preg_match('/a href/', $text)) {
|
||||
file_put_contents("attentionbar.txt",$text);
|
||||
file_put_contents("attentionbar.txt",htmlspecialchars($text));
|
||||
if(strlen($_SERVER['HTTP_REFERER'])>0) { header('Location: ' . $_SERVER['HTTP_REFERER']); }
|
||||
else { header('Location: /'); }
|
||||
} else print(file_get_contents("attentionbar.txt"));
|
||||
|
@ -2,7 +2,7 @@ $(document).ready(function(){
|
||||
$("#attention_bar").click(function(eO){ $("#attention_bar").css("display","none");
|
||||
$("#attention_bar_form").css("display","block"); });
|
||||
$.get(configRoot + "attentionbar.txt", function(data) {
|
||||
$("#attention_bar").text(data);
|
||||
$("#attention_bar_input").val(data);
|
||||
$("#attention_bar").html(data);
|
||||
$("#attention_bar_input").val($("#attention_bar").text());
|
||||
});
|
||||
});
|
||||
|
Loading…
Reference in New Issue
Block a user