Merge pull request #184 from noobpk/noobpk-fix-xss
applying htmlspecialchars for sanitization output
pentium10 authored Feb 8, 2022
2 parents 8140e09 + 5aea5f9 commit ced4dec
Showing 2 changed files with 5 additions and 5 deletions.
4 changes: 2 additions & 2 deletions lib/tpl/main.php
@@ -65,7 +65,7 @@
<ul class="dropdown-menu">
<li><a href="./?">All servers</a></li>
<?php foreach (array_diff($servers, array($server)) as $key => $serverItem): ?>
<li><a href="./?server=<?php echo $serverItem ?>"><?php echo empty($key) || is_numeric($key) ? $serverItem : $key ?></a></li>
<li><a href="./?server=<?php echo htmlspecialchars($serverItem) ?>"><?php echo empty($key) || is_numeric($key) ? htmlspecialchars($serverItem) : $key ?></a></li>
<?php endforeach ?>
</ul>
</li>
@@ -77,7 +77,7 @@
</a>
<ul class="dropdown-menu">
<?php foreach ($servers as $key => $serverItem): ?>
<li><a href="./?server=<?php echo $serverItem ?>"><?php echo empty($key) || is_numeric($key) ? $serverItem : $key ?></a></li>
<li><a href="./?server=<?php echo htmlspecialchars($serverItem) ?>"><?php echo empty($key) || is_numeric($key) ? htmlspecialchars($serverItem) : $key ?></a></li>
<?php endforeach ?>
</ul>
</li>
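Review bot: The else branch of the ternary still echoes `$key` unescaped in both changed `<li>` lines (the hunks at -65 and -77), so a non-empty, non-numeric key reaches the page as raw HTML even though `$serverItem` is now escaped. Whether keys can carry untrusted text is not visible in these hunks, but lib/tpl/serversList.php in this same commit escapes the equivalent `$label`, so the link text should be escaped as a whole: `<?php echo htmlspecialchars(empty($key) || is_numeric($key) ? $serverItem : $key, ENT_QUOTES, 'UTF-8') ?>`. Passing `ENT_QUOTES` and the charset explicitly also keeps the output independent of the default flags, which changed in PHP 8.1.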
6 changes: 3 additions & 3 deletions lib/tpl/serversList.php
@@ -44,9 +44,9 @@
?>
<tr>
<?php if (empty($stats)): ?>
<td style="white-space: nowrap;"><?php echo $label ?></td>
<td style="white-space: nowrap;"><?php echo htmlspecialchars($label) ?></td>
<?php else: ?>
<td style="white-space: nowrap;"><a href="./?server=<?php echo $server ?>"><?php echo $label; ?></a></td>
<td style="white-space: nowrap;"><a href="./?server=<?php echo htmlspecialchars($server) ?>"><?php echo htmlspecialchars($label); ?></a></td>
<?php endif ?>
<?php foreach ($stats as $key => $item): ?>
<?php
@@ -69,7 +69,7 @@
<td colspan="<?php echo count($visible) ?>" class="row-full">&nbsp;</td>
<?php endif ?>
<td><?php if (array_intersect(array($server), $cookieServers)): ?>
<a class="btn btn-xs btn-danger" title="Remove from list" href="./?action=serversRemove&removeServer=<?php echo $server ?>"><span
<a class="btn btn-xs btn-danger" title="Remove from list" href="./?action=serversRemove&removeServer=<?php echo htmlspecialchars($server) ?>"><span
class="glyphicon glyphicon-minus"></span></a>
<?php endif; ?>
</td>
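Review bot: `htmlspecialchars($server)` is written into a URL query value in the `./?server=` and `./?action=serversRemove&removeServer=` links, and HTML escaping alone is not the right encoding there: once the browser decodes the attribute, characters such as `&`, `#`, `+` or a space in the value still change how the query string is parsed, which matters most for the state-changing `serversRemove` link. Encode for the URL first and for HTML second, e.g. `href="./?server=<?php echo htmlspecialchars(rawurlencode($server), ENT_QUOTES, 'UTF-8') ?>"`, and the same for `removeServer=`. The two `./?server=` links changed in lib/tpl/main.php follow the same pattern. Where `$server` and `$label` are assigned lies above the visible hunk, so their origin should be confirmed there.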
