fixed #12: notification XSS vulnerability

This commit is contained in:
t510599 2020-02-02 23:33:56 +08:00
parent d9fd7f296e
commit a1936063ff
Signed by: t510599
GPG Key ID: D88388851C28715D


@ -49,7 +49,8 @@ if ($user->islogin && isset($_POST['pid']) && isset($_POST['title']) && isset($_
$username_list = parse_user_tag($_POST['content']); $username_list = parse_user_tag($_POST['content']);
foreach ($username_list as $key => $id) { foreach ($username_list as $key => $id) {
if ($id == $user->username) continue; if ($id == $user->username) continue;
cavern_notify_user($id, "{{$user->name}}@{$user->username} 在 [{$_POST['title']}] 中提到了你", "post.php?pid=$pid"); $_title = htmlspecialchars($_POST['title']);
cavern_notify_user($id, "{{$user->name}}@{$user->username} 在 [$_title] 中提到了你", "post.php?pid=$pid");
} }
http_response_code(201); // 201 Created http_response_code(201); // 201 Created