From f376d8ec9627be5dd09954d4b72c222b47df20be Mon Sep 17 00:00:00 2001
From: Luke
Date: Sat, 18 Jan 2025 15:40:32 +0100
Subject: [PATCH] =?UTF-8?q?fix=20html=20injection;=20thanks=20to=20?= =?UTF-8?q?=E2=AC=A1-49016=20for=20its=20report?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 admin/all.php | 4 ++--
 index.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/admin/all.php b/admin/all.php
index 5b74cbb..3d0f591 100644
--- a/admin/all.php
+++ b/admin/all.php
@@ -38,7 +38,7 @@ foreach (array_reverse($rows) as $i){
 if ($i["isrespondedto"] === "f" && $i["ispublic"] == "t") {
 echo("
");
 if ($i["iscwed"] === "t") {
- echo("
cw: " . $i["cw"] . "");
+ echo("
cw: " . htmlspecialchars($i["cw"]) . "");
 }
 echo(htmlspecialchars($i["text"]));
 echo("
" . $i["time"] . "
");
@@ -74,4 +74,4 @@ foreach (array_reverse($rows) as $i){
 }
 }
-?>
\ No newline at end of file
+?>
diff --git a/index.php b/index.php
index 6146864..999474d 100644
--- a/index.php
+++ b/index.php
@@ -36,7 +36,7 @@ foreach (array_reverse($rows) as $i){
 if ($i["ispublic"] === "t" && $i["isrespondedto"] === "t") {
 echo("
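Review bot: The last context line of the first admin/all.php hunk still concatenates `$i["time"]` into the page without encoding, so the fix covers `cw` and `text` but not every field echoed in the loop; unless that column is always a server-generated timestamp (not visible from here), it should be wrapped the same way. The added call also relies on the default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unescaped; the markup surrounding the value is not visible in this hunk, so the explicit form is safer: `htmlspecialchars($i["cw"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Both points apply equally to the matching hunk in index.php. The enclosing `foreach` starts and ends outside the hunk.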
");
 if ($i["iscwed"] === "t") {
- echo("
cw: " . $i["cw"] . "");
+ echo("
cw: " . htmlspecialchars($i["cw"]) . "");
 }
 echo(htmlspecialchars($i["text"]));
 echo("
" . $i["time"] . "
");
@@ -46,4 +46,4 @@ foreach (array_reverse($rows) as $i){
 }
 }
-?>
\ No newline at end of file
+?>
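Review bot: The encoding of `cw` in the first index.php hunk is written out by hand a second time, duplicating admin/all.php, and per-call-site escaping is presumably how this field was missed while `text` was already encoded. A small shared helper used for every database value echoed in both loops would keep the two pages from drifting, for example `function e(string $s): string { return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }`. A comment above each loop such as `// every database field echoed below must go through e()` would record the rule for the next field that gets added. The enclosing `foreach` continues outside the hunk.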