
Fix security issue with non-escaped HTML in options page

Mahmoud Al-Qudsi 1 year ago
c2a7360a3d
5 changed files with 5 additions and 5 deletions
  1. +1
    -1
      bootstrap.php
  2. +4
    -4
      inc/settings.php
  3. +0
    -0
      vendor/caxy/php-htmldiff/.gitignore
  4. +0
    -0
      vendor/caxy/php-htmldiff/.scrutinizer.yml
  5. +0
    -0
      vendor/ezyang/htmlpurifier/plugins/phorum/.gitignore

+ 1
- 1
bootstrap.php View File

@@ -55,7 +55,7 @@ class visitors_edits{
]);
global $post;
$new_content = str_replace("#post_link#", get_site_url().'/'.$post->post_name.'/suggestions', stripcslashes($options["propose_edit_link"]));
$content .= $new_content;
$content .= $new_content;
}
return $content;
}

+ 4
- 4
inc/settings.php View File

@@ -1,4 +1,4 @@
<?php
<?php
$options=[];
if(isset($_POST["save_settings"])){
$options=[
@@ -8,7 +8,7 @@
"admin_notif_message"=>$_POST["admin_notif_message"],
"visitor_notif_message"=>$_POST["visitor_notif_message"],
"edit_notify_message"=>$_POST["edit_notify_message"],
"propose_edit_link"=>$_POST["propose_edit_link"]
"propose_edit_link"=>html_entity_decode($_POST["propose_edit_link"])
];
update_option( "visitors_edits_options", $options );
flashMessage("Settings saved.","");
@@ -29,7 +29,7 @@
<form action="" method="post">
<div class="control">
<label>Propose an edit link</label>
<input type="text" name="propose_edit_link" value="<?php echo stripcslashes($options['propose_edit_link']) ?>">
<input type="text" name="propose_edit_link" value="<?php echo htmlentities(stripcslashes($options['propose_edit_link'])) ?>">
</div>
<div class="control">
<label>Admin notification message</label>
@@ -68,4 +68,4 @@ function flashMessage($msg,$type){
</div>
<?php
}
?>
?>
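Review bot: The `html_entity_decode()` added to the save branch (`"propose_edit_link"=>html_entity_decode($_POST["propose_edit_link"])`) works against the fix's own escaping: the display hunk now encodes the stored value with `htmlentities()`, the browser already decodes it back when the form is submitted, so the extra decode on save turns any literal entity the admin typed into the template (for example `&amp;` inside a URL) into its raw character, and each further save collapses it again. Storing `$_POST["propose_edit_link"]` as submitted and escaping only on output is enough, and the output line is more robust with explicit flags, `value="<?php echo htmlentities(stripcslashes($options['propose_edit_link']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`, or WordPress's `esc_attr()`, since `htmlentities()` before PHP 8.1 defaults to `ENT_COMPAT` and leaves single quotes unencoded. The save branch is entered on `isset($_POST["save_settings"])` alone; unless a nonce and capability check runs before this file is included, `check_admin_referer()` belongs at the top of that branch. The other fields written in the same array (`admin_notif_message`, `visitor_notif_message`, `edit_notify_message`) are presumably echoed by the same form outside these hunks; if so they need the same output escaping as `propose_edit_link`.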

+ 0
- 0
vendor/caxy/php-htmldiff/.gitignore View File


+ 0
- 0
vendor/caxy/php-htmldiff/.scrutinizer.yml View File


+ 0
- 0
vendor/ezyang/htmlpurifier/plugins/phorum/.gitignore View File

