t510599/cavern
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #5 from a91082900/master

Browse Source 
Admin Panel XSS vulnerability fixed
This commit is contained in:
Tony Yang 2019-10-04 12:36:53 +08:00 committed by GitHub
commit 683bdc9ee6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
admin/ajax/config.php
View File

@ -30,7 +30,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$limit = abs(intval(@$_POST["limit"])); $limit = abs(intval(@$_POST["limit"]));
$content = file_get_contents($template_filename); $content = file_get_contents($template_filename);
$new_content = strtr($content, array( $new_content = strtr($content, array(
"{blog_name}" => addslashes(@$_POST["name"]), "{blog_name}" => addslashes(@htmlspecialchars($_POST["name"])),
"{limit}" => ($limit != 0 ? $limit : 10), "{limit}" => ($limit != 0 ? $limit : 10),
"{register}" => (@$_POST["register"] === "true" ? "true" : "false") "{register}" => (@$_POST["register"] === "true" ? "true" : "false")
)); ));