Additional fix for XSS
shannah committed Dec 27, 2018
1 parent 76239a9 commit 725ac06
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions Dataface/Application.php
Expand Up @@ -1023,7 +1023,7 @@ function Dataface_Application($conf = null){


if ( isset( $query['--msg'] ) ) {
$query['--msg'] = strip_tags($query['--msg']);
$query['--msg'] = htmlspecialchars($query['--msg']);
if ( preg_match('/^@@$/', $query['--msg']) ){

if ( @$_SESSION['--msg'] ){
Expand All @@ -1040,7 +1040,7 @@ function Dataface_Application($conf = null){


if ( isset($query['--error']) and trim($query['--error']) ){
$query['--error'] = preg_replace('#<[^>]*>#','', $query['--error']);
$query['--error'] = htmlspecialchars($query['--error']);
$this->addError(PEAR::raiseError($query['--error']));
}

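Review bot: Both `htmlspecialchars()` calls in this section (on `$query['--msg']` and on `$query['--error']`) rely on the default flags, and before PHP 8.1 that default is `ENT_COMPAT`, which leaves single quotes unescaped. If either value is ever emitted inside a single-quoted attribute, the encoding will not contain it. Passing the flags and charset explicitly closes the gap: `$query['--msg'] = htmlspecialchars($query['--msg'], ENT_QUOTES, 'UTF-8');`, and the same for `--error`. The encoding is applied to the request value rather than at the point of output, so the `$_SESSION['--msg']` branch that follows (its body lies outside the hunk) appears to take a separate path and should be checked for equivalent escaping; any template that escapes again will also double-encode. Neither call guards against an array-valued parameter, so an `is_string()` check before encoding would be worth adding.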
2 changes: 1 addition & 1 deletion version.txt
@@ -1 +1 @@
2.2.1 4806
2.2.2 4807
