From be5a48143b79e5a7b0942d6ea04ca3b78956f5ee Mon Sep 17 00:00:00 2001
From: Jerry Wu
Date: Fri, 4 Oct 2019 12:06:54 +0800
Subject: [PATCH] Admin Panel XSS vulnerability fixed
---
 admin/ajax/config.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/admin/ajax/config.php b/admin/ajax/config.php
index d6f2562..556332f 100644
--- a/admin/ajax/config.php
+++ b/admin/ajax/config.php
@@ -30,7 +30,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 $limit = abs(intval(@$_POST["limit"]));
 $content = file_get_contents($template_filename);
 $new_content = strtr($content, array(
- "{blog_name}" => addslashes(@$_POST["name"]),
+ "{blog_name}" => addslashes(@htmlspecialchars($_POST["name"])),
 "{limit}" => ($limit != 0 ? $limit : 10),
 "{register}" => (@$_POST["register"] === "true" ? "true" : "false")
 ));
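Review bot: The added `htmlspecialchars($_POST["name"])` call on the `{blog_name}` line relies on the default flags, and before PHP 8.1 those leave single quotes unencoded, so a blog name rendered inside a single-quoted attribute would still not be neutralised. Passing the flags and charset explicitly closes that gap: `"{blog_name}" => addslashes(htmlspecialchars((string) @$_POST["name"], ENT_QUOTES, "UTF-8")),`. The value is also encoded once when it is saved rather than where it is printed, so a name stored before this commit stays unescaped and any non-HTML output context gets the wrong encoding; the pages that echo the blog name are outside this hunk and should be checked. The enclosing `if` block and the code that writes `$new_content` out continue outside the hunk; if the template places the value inside a double-quoted PHP string, `addslashes` does not cover `$`, and `var_export` would be the safer way to emit the literal, but that depends on the template, which is not shown.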