notfire/qna
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix html injection; thanks to ⬡-49016 for its report

Browse source
This commit is contained in:
Luke 2025-01-18 15:40:32 +01:00
parent 3d0725135c
commit f376d8ec96
Signed by: notfire
GPG key ID: 440484407AF15DA3
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
admin/all.php
View file

@ -38,7 +38,7 @@ foreach (array_reverse($rows) as $i){
if ($i["isrespondedto"] === "f" && $i["ispublic"] == "t") { if ($i["isrespondedto"] === "f" && $i["ispublic"] == "t") {
echo("<div class=\"question\">"); echo("<div class=\"question\">");
if ($i["iscwed"] === "t") { if ($i["iscwed"] === "t") {
echo("<details><summary>cw: " . $i["cw"] . "</summary><span class=\"cwfiller\"></span>"); echo("<details><summary>cw: " . htmlspecialchars($i["cw"]) . "</summary><span class=\"cwfiller\"></span>");
} }
echo(htmlspecialchars($i["text"])); echo(htmlspecialchars($i["text"]));
echo("<div class=\"time\">" . $i["time"] . "</div>"); echo("<div class=\"time\">" . $i["time"] . "</div>");

2
index.php
View file

@ -36,7 +36,7 @@ foreach (array_reverse($rows) as $i){
if ($i["ispublic"] === "t" && $i["isrespondedto"] === "t") { if ($i["ispublic"] === "t" && $i["isrespondedto"] === "t") {
echo("<div class=\"question\">"); echo("<div class=\"question\">");
if ($i["iscwed"] === "t") { if ($i["iscwed"] === "t") {
echo("<details><summary>cw: " . $i["cw"] . "</summary><span class=\"cwfiller\"></span>"); echo("<details><summary>cw: " . htmlspecialchars($i["cw"]) . "</summary><span class=\"cwfiller\"></span>");
} }
echo(htmlspecialchars($i["text"])); echo(htmlspecialchars($i["text"]));
echo("<div class=\"time\">" . $i["time"] . "</div>"); echo("<div class=\"time\">" . $i["time"] . "</div>");