t510599/cavern
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Admin Panel XSS vulnerability fixed

Browse Source
This commit is contained in:
Jerry Wu 2019-10-04 12:06:54 +08:00
parent 34cf2afa09
commit be5a48143b
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
admin/ajax/config.php
View File

@ -30,7 +30,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$limit = abs(intval(@$_POST["limit"])); $limit = abs(intval(@$_POST["limit"]));
$content = file_get_contents($template_filename); $content = file_get_contents($template_filename);
$new_content = strtr($content, array( $new_content = strtr($content, array(
"{blog_name}" => addslashes(@$_POST["name"]), "{blog_name}" => addslashes(@htmlspecialchars($_POST["name"])),
"{limit}" => ($limit != 0 ? $limit : 10), "{limit}" => ($limit != 0 ? $limit : 10),
"{register}" => (@$_POST["register"] === "true" ? "true" : "false") "{register}" => (@$_POST["register"] === "true" ? "true" : "false")
)); ));