Fix XSS in creatures.php, thanks to @gesior

Closes #254
slawkens 2024-05-15 22:15:36 +02:00
parent 2793c41655
commit 02eea950e4
2 changed files with 2 additions and 2 deletions


@ -1265,7 +1265,7 @@ function getCustomPage($page, &$success)
}
function escapeHtml($html) {
return htmlentities($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
return htmlspecialchars($html);
}
function displayErrorBoxWithBackButton($errors, $action = null) {
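Review bot: `escapeHtml()` depends on PHP's default flags if the second printed line, `return htmlspecialchars($html);`, is the new side (the +/- markers are lost on this page, so this is inferred from print order). Before PHP 8.1 the default is `ENT_COMPAT`, which leaves single quotes unescaped, so a value written into a single-quoted attribute is not fully encoded. Without `ENT_SUBSTITUTE`, input containing invalid UTF-8 comes back as an empty string. I would keep the flags and charset explicit: `return htmlspecialchars($html, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The second file's hunk (presumably creatures.php) makes the same default-flag call.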


@ -157,7 +157,7 @@ if (empty($_REQUEST['creature'])) {
echo '</td></tr>';
echo '</TABLE>';
} else {
echo "Monster with name <b>" . $monster_name . "</b> doesn't exist.";
echo "Monster with name <b>" . htmlspecialchars($monster_name) . "</b> doesn't exist.";
}
//back button
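Review bot: The added `htmlspecialchars($monster_name)` in the `else` branch bypasses the `escapeHtml()` helper that this same commit edits, so the encoding policy for this sink is decided in two places. If the helper is loaded on this page (not visible here), `echo "Monster with name <b>" . escapeHtml($monster_name) . "</b> doesn't exist.";` keeps it in one. `$monster_name` is assigned outside the hunk and looks request-derived, going by the `$_REQUEST['creature']` check in the hunk header. Only this one sink is shown, so any other place the file echoes it is worth checking for the same encoding.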