From c2a7360a3dca29724a2439811bb419e9d1479662 Mon Sep 17 00:00:00 2001
From: Mahmoud Al-Qudsi
Date: Sat, 10 Feb 2018 13:23:21 -0600
Subject: [PATCH] Fix security issue with non-escaped HTML in options page
---
 bootstrap.php | 2 +-
 inc/settings.php | 8 ++++----
 vendor/caxy/php-htmldiff/.gitignore | 0
 vendor/caxy/php-htmldiff/.scrutinizer.yml | 0
 vendor/ezyang/htmlpurifier/plugins/phorum/.gitignore | 0
 5 files changed, 5 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 vendor/caxy/php-htmldiff/.gitignore
 mode change 100644 => 100755 vendor/caxy/php-htmldiff/.scrutinizer.yml
 mode change 100644 => 100755 vendor/ezyang/htmlpurifier/plugins/phorum/.gitignore
diff --git a/bootstrap.php b/bootstrap.php
index 4a46fde..e24f3c6 100755
--- a/bootstrap.php
+++ b/bootstrap.php
@@ -55,7 +55,7 @@ class visitors_edits{
 ]);
 global $post;
 $new_content = str_replace("#post_link#", get_site_url().'/'.$post->post_name.'/suggestions', stripcslashes($options["propose_edit_link"]));
- $content .= $new_content;
+ $content .= $new_content;
 }
 return $content;
 }
diff --git a/inc/settings.php b/inc/settings.php
index 3624400..4b9ad18 100755
--- a/inc/settings.php
+++ b/inc/settings.php
@@ -1,4 +1,4 @@
-$_POST["admin_notif_message"], "visitor_notif_message"=>$_POST["visitor_notif_message"], "edit_notify_message"=>$_POST["edit_notify_message"],
- "propose_edit_link"=>$_POST["propose_edit_link"]
+ "propose_edit_link"=>html_entity_decode($_POST["propose_edit_link"])
 ];
 update_option( "visitors_edits_options", $options ); flashMessage("Settings saved.","");
@@ -29,7 +29,7 @@
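Review bot: `html_entity_decode($_POST["propose_edit_link"])` in the `@@ -1,4 +1,4 @@` hunk of inc/settings.php does not escape the submitted value — it turns any entities in it back into raw markup before `update_option()` stores it, and the bootstrap.php context line `$content .= $new_content;` still appends `stripcslashes($options["propose_edit_link"])` to page output unescaped, so the escaping the commit title announces must live in the `@@ -29,7 +29,7 @@` hunk, whose lines are not legible in this patch. The option is evidently meant to hold admin-authored HTML, so the defence belongs at the boundary: the opening condition of this handler and the start of the `$options` array are not visible in the hunk, and it should be confirmed that the save runs only after a capability check and a nonce check, e.g. `current_user_can('manage_options')` and `check_admin_referer()`, with `wp_kses_post()` applied to the value so script-bearing markup is not persisted even from an administrator session. If the decode is kept, pass explicit flags and guard the key, `html_entity_decode($_POST["propose_edit_link"] ?? '', ENT_QUOTES | ENT_HTML5)`, because the default flag set changed in PHP 8.1 (single quotes are not decoded on older releases) and passing null to an internal function parameter is deprecated from 8.1.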
- +
@@ -68,4 +68,4 @@ function flashMessage($msg,$type){
\ No newline at end of file
+?>
diff --git a/vendor/caxy/php-htmldiff/.gitignore b/vendor/caxy/php-htmldiff/.gitignore
old mode 100644
new mode 100755
diff --git a/vendor/caxy/php-htmldiff/.scrutinizer.yml b/vendor/caxy/php-htmldiff/.scrutinizer.yml
old mode 100644
new mode 100755
diff --git a/vendor/ezyang/htmlpurifier/plugins/phorum/.gitignore b/vendor/ezyang/htmlpurifier/plugins/phorum/.gitignore
old mode 100644
new mode 100755