#597: Fix for XSS issue in chatbox extension.
This commit is contained in:
jgen
parent
fefc922070
commit
c379420a1f
2 changed files with 15 additions and 4 deletions
|
|
@ -10,15 +10,23 @@
|
|||
|
||||
$admin = loggedIn();
|
||||
|
||||
$log = 1;
|
||||
|
||||
if (isset($_GET['log']))
|
||||
{
|
||||
$log = $_GET['log'];
|
||||
}
|
||||
|
||||
if (isset($_POST['log']))
|
||||
{
|
||||
$log = $_POST['log'];
|
||||
}
|
||||
|
||||
if (!isset($log))
|
||||
if (filter_var($log, FILTER_VALIDATE_INT) === false)
|
||||
{
|
||||
$log = 1;
|
||||
|
||||
}
|
||||
|
||||
$ys = ys($log);
|
||||
$posts = $ys->posts();
|
||||
|
||||
|
|
@ -132,4 +140,4 @@ if (isset($_POST['p'])) {
|
|||
<a id="to-top" href="#top">Back to top</a>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
</html>
|
||||
|
|
|
|||
|
|
@ -89,7 +89,10 @@
|
|||
global $yShout, $prefs;
|
||||
if ($yShout) return $yShout;
|
||||
|
||||
if ($log > $prefs['logs'] || $log < 0 || !is_numeric($log)) $log = 1;
|
||||
if (filter_var($log, FILTER_VALIDATE_INT, array("options" => array("min_range" => 0, "max_range" => $prefs['logs']))) === false)
|
||||
{
|
||||
$log = 1;
|
||||
}
|
||||
|
||||
$log = 'log.' . $log;
|
||||
return new YShout($log, loggedIn());
|
||||
|
|
|
|||
Reference in a new issue