authorClaude <longneck-accounts@scratchbook.ch>2017-09-29 14:45:15 +0200
committerGitHub <noreply@github.com>2017-09-29 14:45:15 +0200
commit6ea5cbf4038609dbc1434ca2ecc14be6901eb2ea (patch)
tree1fd8402084872918453a47f411487ea9a73b8de2
parent4a0f12ec5a0cd2db648f7322119d250402419cdc (diff)
parent9e1ad6c36baa1d6de235057c7e20e2802c6f5662 (diff)
downloadstikked-fit-6ea5cbf4038609dbc1434ca2ecc14be6901eb2ea.tar.gz
stikked-fit-6ea5cbf4038609dbc1434ca2ecc14be6901eb2ea.tar.bz2
stikked-fit-6ea5cbf4038609dbc1434ca2ecc14be6901eb2ea.zip
Merge pull request #438 from Th3R3p0/master
Fixed reflected XSS
-rw-r--r--htdocs/themes/bootstrap/views/defaults/paste_form.php2
-rw-r--r--htdocs/themes/cleanwhite/views/defaults/paste_form.php2
-rw-r--r--htdocs/themes/default/views/defaults/paste_form.php2
-rw-r--r--htdocs/themes/geocities/views/defaults/paste_form.php2
-rw-r--r--htdocs/themes/i386/views/defaults/paste_form.php2
-rw-r--r--htdocs/themes/stikkedizr/views/defaults/paste_form.php3
6 files changed, 7 insertions, 6 deletions
diff --git a/htdocs/themes/bootstrap/views/defaults/paste_form.php b/htdocs/themes/bootstrap/views/defaults/paste_form.php
index 467837a..27fbca9 100644
--- a/htdocs/themes/bootstrap/views/defaults/paste_form.php
+++ b/htdocs/themes/bootstrap/views/defaults/paste_form.php
@@ -43,7 +43,7 @@
</div>
<div class="control-group">
<div class="controls">
- <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
</div>
</div>
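Review bot: The added `htmlspecialchars($paste_set)` on the new textarea line relies on PHP's default flags and charset, so on PHP ≥ 5.4 an invalid UTF-8 byte sequence in the pasted text makes the call return an empty string and the user's whole paste silently disappears from the re-rendered form. Passing the flags explicitly avoids that and pins the behaviour across PHP versions: `echo htmlspecialchars($paste_set, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. Escaping `<` is what actually closes the `</textarea>` break-out, so the fix is correct for this context; the extra flags are about robustness, not the XSS itself. Where `$paste_set` is populated is not visible here, so whether it is already escaped upstream (which would now double-encode) should be confirmed in the controller.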
diff --git a/htdocs/themes/cleanwhite/views/defaults/paste_form.php b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
index bd22ae8..03ad6f7 100644
--- a/htdocs/themes/cleanwhite/views/defaults/paste_form.php
+++ b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
@@ -48,7 +48,7 @@
<span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span>
</label>
- <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
</div>
<?php if($this->config->item('enable_captcha') && $this->session->userdata('is_human') === null){ ?>
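Review bot: The new textarea line escapes `$paste_set` with a bare `htmlspecialchars()` call, which leaves the charset and flag handling to PHP defaults; with the PHP ≥ 5.4 default charset, malformed UTF-8 in the submitted paste yields an empty string and the form silently loses the content on re-display. Prefer the explicit form `htmlspecialchars($paste_set, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same escaping is repeated verbatim in every theme's `paste_form.php` in this commit; a single escaping helper applied where `$paste_set` is assigned, or a shared view helper, would keep the six copies from drifting the next time one is touched.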
diff --git a/htdocs/themes/default/views/defaults/paste_form.php b/htdocs/themes/default/views/defaults/paste_form.php
index 581af2c..38b7247 100644
--- a/htdocs/themes/default/views/defaults/paste_form.php
+++ b/htdocs/themes/default/views/defaults/paste_form.php
@@ -43,7 +43,7 @@
<span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span>
</label>
- <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
</div>
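Review bot: `htmlspecialchars($paste_set)` on the new line is enough to stop the `</textarea>` break-out, since `<` is always encoded, but it does not pass `ENT_SUBSTITUTE` or an explicit charset, so a paste containing invalid UTF-8 is reduced to an empty string on PHP ≥ 5.4 rather than being shown back to the user. I would write it as `echo htmlspecialchars($paste_set, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The escaping is also only applied when `$paste_set` is set; the `lang()` output in the `data-lang-*` attributes two lines above is not escaped, which is fine if those strings come from the application's own language files, but worth confirming they are never user- or admin-editable.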
diff --git a/htdocs/themes/geocities/views/defaults/paste_form.php b/htdocs/themes/geocities/views/defaults/paste_form.php
index 00fa858..2d70810 100644
--- a/htdocs/themes/geocities/views/defaults/paste_form.php
+++ b/htdocs/themes/geocities/views/defaults/paste_form.php
@@ -50,7 +50,7 @@
</div>
<div class="control-group">
<div class="controls">
- <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
</div>
</div>
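Review bot: The new textarea line calls `htmlspecialchars()` with default flags; the default charset on PHP ≥ 5.4 makes the function return `''` for input with invalid UTF-8, so a user who submits such a paste and hits a validation error gets an empty form back instead of their text. Use `htmlspecialchars($paste_set, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` to substitute the bad bytes instead of dropping everything. This is the geocities theme's copy of a change repeated in five other themes in the same commit; the escape should be applied once where `$paste_set` is set rather than in each view.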
diff --git a/htdocs/themes/i386/views/defaults/paste_form.php b/htdocs/themes/i386/views/defaults/paste_form.php
index 6ab6902..e26f68b 100644
--- a/htdocs/themes/i386/views/defaults/paste_form.php
+++ b/htdocs/themes/i386/views/defaults/paste_form.php
@@ -50,7 +50,7 @@
</div>
<div class="control-group">
<div class="controls">
- <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
</div>
</div>
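Review bot: The escaping added on the new textarea line should pass its flags and charset explicitly, `htmlspecialchars($paste_set, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so that malformed UTF-8 in the reflected paste is replaced rather than causing the whole value to be dropped (the PHP ≥ 5.4 default returns an empty string on invalid input). Without `ENT_SUBSTITUTE` the fix is still safe against breaking out of the `<textarea>`, so this is a robustness point rather than a remaining XSS. The origin of `$paste_set` is outside this hunk; if it is populated from `set_value()` or similar it may already be escaped and the view would then double-encode, which is worth checking in the controller.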
diff --git a/htdocs/themes/stikkedizr/views/defaults/paste_form.php b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
index cb1ee9d..967c0bf 100644
--- a/htdocs/themes/stikkedizr/views/defaults/paste_form.php
+++ b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
@@ -1,5 +1,6 @@

<?php echo validation_errors(); ?>
+<?php echo "hello"; ?>
<div class="row">
<div class="col-12 col-sm-12 col-lg-12">
@@ -49,7 +50,7 @@
</div>
<div class="control-group">
<div class="controls">
- <textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
</div>
</div>
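Review bot: The new textarea line's `htmlspecialchars($paste_set)` uses default flags and charset, so on PHP ≥ 5.4 a paste containing an invalid UTF-8 sequence is reflected as an empty string rather than being shown back; `htmlspecialchars($paste_set, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps the content and makes the behaviour independent of `default_charset`. Encoding `<` is what prevents closing the `<textarea>`, so the XSS itself is addressed by the change as written. Since the identical expression is now in six theme files, a helper applied at the point where `$paste_set` is assigned would be easier to keep consistent; where that assignment lives is not visible in this diff.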
