]> git.p6c8.net - jirafeau_mojo42.git/commitdiff
git.p6c8.net / jirafeau_mojo42.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9cb2631)
[BUGFIX] Fix XSS in admin pannel
authorJerome Jutteau <mojo@couak.net>
Tue, 1 May 2018 10:37:55 +0000 (12:37 +0200)
committerJerome Jutteau <mojo@couak.net>
Fri, 11 May 2018 21:57:50 +0000 (23:57 +0200)
Signed-off-by: Jerome Jutteau <mojo@couak.net>
lib/functions.php patch | blob | history

diff --git a/lib/functions.php b/lib/functions.php
index 9fa0e5edd90a99de3d7a936250bf307afa3115aa..e23727413f7d4c35efb36c6479c852411d5c5142 100644 (file)
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -553,13 +553,13 @@ function jirafeau_admin_list($name, $file_hash, $link_hash)
 {
     echo '<fieldset><legend>';
     if (!empty($name)) {
-        echo t('FILENAME') . ": $name ";
+        echo t('FILENAME') . ": " . jirafeau_escape($name);
     }
     if (!empty($file_hash)) {
-        echo t('FILE') . ": $file_hash ";
+        echo t('FILE') . ": " . jirafeau_escape($file_hash);
     }
     if (!empty($link_hash)) {
-        echo t('LINK') . ": $link_hash ";
+        echo t('LINK') . ": " . jirafeau_escape($link_hash);
     }
     if (empty($name) && empty($file_hash) && empty($link_hash)) {
         echo t('LS_FILES');
Mirror of mojo42's Git repository for the Jirafeau project; main repository at https://gitlab.com/mojo42/Jirafeau

patrick-canterino.de