Merge pull request #5 from a91082900/master

Admin Panel XSS vulnerability fixed
Tony Yang 2019-10-04 12:36:53 +08:00 committed by GitHub
commit 683bdc9ee6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -30,7 +30,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$limit = abs(intval(@$_POST["limit"]));
$content = file_get_contents($template_filename);
$new_content = strtr($content, array(
"{blog_name}" => addslashes(@$_POST["name"]),
"{blog_name}" => addslashes(@htmlspecialchars($_POST["name"])),
"{limit}" => ($limit != 0 ? $limit : 10),
"{register}" => (@$_POST["register"] === "true" ? "true" : "false")
));
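Review bot: The new `htmlspecialchars($_POST["name"])` call in the `{blog_name}` entry relies on the default flags, which on PHP versions before 8.1 leave single quotes unescaped, so the name is still unsafe wherever a page prints it inside a single-quoted attribute. Passing the flags and charset explicitly closes that gap: `"{blog_name}" => addslashes(htmlspecialchars(@$_POST["name"], ENT_QUOTES, "UTF-8")),`. Encoding at save time also stores the HTML-escaped form, so any non-HTML consumer of the name will see entities; escaping at the point where the value is printed would be the more robust fix if those output sites can be changed. Separately, if `$template_filename` is a PHP config template (not visible here), `addslashes` does not neutralise `$` inside a double-quoted literal, and emitting the value with `var_export` would be safer. The enclosing `if` block starts before and continues past this hunk.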