kashire/lainchan
4
0
Fork 0
Code Issues 9 Pull Requests Releases Wiki Activity

SECURITY: fix XSS vulnerability

Browse Source
This commit is contained in:
czaks 2014-03-27 13:10:53 +01:00
parent ba6744a1c6
commit 56eaf863f2
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
attentionbar.php
View File

@ -3,7 +3,7 @@
checkBan(); checkBan();
$text = isset($_POST['text']) ? $_POST['text'] : ''; $text = isset($_POST['text']) ? $_POST['text'] : '';
if(strlen($text)>0 && !preg_match('/a href/', $text)) { if(strlen($text)>0 && !preg_match('/a href/', $text)) {
file_put_contents("attentionbar.txt",$text); file_put_contents("attentionbar.txt",htmlspecialchars($text));
if(strlen($_SERVER['HTTP_REFERER'])>0) { header('Location: ' . $_SERVER['HTTP_REFERER']); } if(strlen($_SERVER['HTTP_REFERER'])>0) { header('Location: ' . $_SERVER['HTTP_REFERER']); }
else { header('Location: /'); } else { header('Location: /'); }
} else print(file_get_contents("attentionbar.txt")); } else print(file_get_contents("attentionbar.txt"));

4
js/attention-bar.js
View File

@ -2,7 +2,7 @@ $(document).ready(function(){
$("#attention_bar").click(function(eO){ $("#attention_bar").css("display","none"); $("#attention_bar").click(function(eO){ $("#attention_bar").css("display","none");
$("#attention_bar_form").css("display","block"); }); $("#attention_bar_form").css("display","block"); });
$.get(configRoot + "attentionbar.txt", function(data) { $.get(configRoot + "attentionbar.txt", function(data) {
$("#attention_bar").text(data); $("#attention_bar").html(data);
$("#attention_bar_input").val(data); $("#attention_bar_input").val($("#attention_bar").text());
}); });
}); });