author | Claude <longneck-accounts@scratchbook.ch> | 2017-09-29 14:45:15 +0200 |
committer | GitHub <noreply@github.com> | 2017-09-29 14:45:15 +0200 |
commit | 6ea5cbf4038609dbc1434ca2ecc14be6901eb2ea (patch) | |
tree | 1fd8402084872918453a47f411487ea9a73b8de2 | |
parent | 4a0f12ec5a0cd2db648f7322119d250402419cdc (diff) | |
parent | 9e1ad6c36baa1d6de235057c7e20e2802c6f5662 (diff) | |
Merge pull request #438 from Th3R3p0/master
Fixed reflected XSS
6 files changed, 7 insertions, 6 deletions
diff --git a/htdocs/themes/bootstrap/views/defaults/paste_form.php b/htdocs/themes/bootstrap/views/defaults/paste_form.php
index 467837a..27fbca9 100644
--- a/htdocs/themes/bootstrap/views/defaults/paste_form.php
+++ b/htdocs/themes/bootstrap/views/defaults/paste_form.php
@@ -43,7 +43,7 @@ </div> <div class="control-group"> <div class="controls">
- <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div> </div>
diff --git a/htdocs/themes/cleanwhite/views/defaults/paste_form.php b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
index bd22ae8..03ad6f7 100644
--- a/htdocs/themes/cleanwhite/views/defaults/paste_form.php
+++ b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
@@ -48,7 +48,7 @@ <span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span> </label>
- <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div> <?php if($this->config->item('enable_captcha') && $this->session->userdata('is_human') === null){ ?>
diff --git a/htdocs/themes/default/views/defaults/paste_form.php b/htdocs/themes/default/views/defaults/paste_form.php
index 581af2c..38b7247 100644
--- a/htdocs/themes/default/views/defaults/paste_form.php
+++ b/htdocs/themes/default/views/defaults/paste_form.php
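Review bot: The added `htmlspecialchars($paste_set)` in the bootstrap hunk leaves the flags and encoding at their defaults, which depend on the PHP version and the `default_charset` ini value; in particular, without ENT_SUBSTITUTE an invalid UTF-8 byte sequence in the stored paste makes htmlspecialchars() return an empty string, so the form would silently drop the user's content instead of redisplaying it. Pinning the call is a one-line change, `echo htmlspecialchars($paste_set, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and the same line recurs in the cleanwhite hunk here and in the default, geocities, i386 and stikkedizr hunks below. Escaping `<` and `&` is what prevents a `</textarea>` breakout, so the fix is sound for element-content context; the flags only matter for robustness. Whether $paste_set is already escaped by the controller that sets it cannot be seen here, so double-encoding is worth checking against that code path.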
@@ -43,7 +43,7 @@ <span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span> </label>
- <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div>
diff --git a/htdocs/themes/geocities/views/defaults/paste_form.php b/htdocs/themes/geocities/views/defaults/paste_form.php
index 00fa858..2d70810 100644
--- a/htdocs/themes/geocities/views/defaults/paste_form.php
+++ b/htdocs/themes/geocities/views/defaults/paste_form.php
@@ -50,7 +50,7 @@ </div> <div class="control-group"> <div class="controls">
- <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div> </div>
diff --git a/htdocs/themes/i386/views/defaults/paste_form.php b/htdocs/themes/i386/views/defaults/paste_form.php
index 6ab6902..e26f68b 100644
--- a/htdocs/themes/i386/views/defaults/paste_form.php
+++ b/htdocs/themes/i386/views/defaults/paste_form.php
@@ -50,7 +50,7 @@ </div> <div class="control-group"> <div class="controls">
- <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div> </div>
diff --git a/htdocs/themes/stikkedizr/views/defaults/paste_form.php b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
index cb1ee9d..967c0bf 100644
--- a/htdocs/themes/stikkedizr/views/defaults/paste_form.php
+++ b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
@@ -1,5 +1,6 @@ <?php echo validation_errors(); ?>
+<?php echo "hello"; ?>
 <div class="row"> <div class="col-12 col-sm-12 col-lg-12">
@@ -49,7 +50,7 @@ </div> <div class="control-group"> <div class="controls">
- <textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div> </div> |
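Review bot: The first stikkedizr hunk adds `<?php echo "hello"; ?>` at the top of the view, which prints the literal string hello above every paste form rendered by that theme and reads as a leftover debugging statement rather than part of the XSS fix. It should be dropped before merge, so that `<?php echo validation_errors(); ?>` is followed directly by the unchanged `<div class="row">` as on the old side. The second hunk's textarea change is consistent with the other themes and needs nothing beyond what applies to them.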