clones/Froxlor
1
0
Fork 0
mirror of https://github.com/Froxlor/Froxlor.git synced 2024-09-21 10:27:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

never allow {{ }} in user-input

Browse Source
This commit is contained in:
Michael Kaufmann 2024-05-10 17:23:25 +02:00
parent c07ff16274
commit 1a5680d2a8
No known key found for this signature in database
GPG Key ID: C121F97338D7A352
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/Froxlor/UI/Request.php
View File

@ -101,6 +101,9 @@ class Request
unset($value);
$antiXss = new AntiXSS();
$antiXss->addNeverAllowedRegex([
'{{(.*)}}' => ''
]);
// check $_GET
PhpHelper::cleanGlobal($_GET, $antiXss);