
Use htmlspecialchars on Message to prevent Stored Cross-Site Scriptin…
…g. Fixes GHSA-rqxv-447h-g7jx
Isaac Connor committed Sep 30, 2024
1 parent 7cc4ac2 commit 36c6b88
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion web/ajax/log.php
Expand Up @@ -162,7 +162,7 @@ function queryRequest() {

$row['Server'] = $Server ? $Server->Name() : '';
// Strip out all characters that are not ASCII 32-126 (yes, 126)
$row['Message'] = preg_replace('/[^\x20-\x7E]/', '', $row['Message']);
$row['Message'] = preg_replace('/[^\x20-\x7E]/', '', htmlspecialchars($row['Message']));
$row['File'] = preg_replace('/[^\x20-\x7E]/', '', strip_tags($row['File']));
$rows[] = $row;
}
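Review bot: The new `htmlspecialchars($row['Message'])` call relies on the default flags and encoding, so on PHP before 8.1 single quotes are left unescaped (ENT_COMPAT) and a Message containing an invalid UTF-8 sequence makes the call return an empty string, silently blanking the log line instead of sanitising it. Passing the flags explicitly and stripping the non-ASCII bytes before escaping avoids both: `$row['Message'] = htmlspecialchars(preg_replace('/[^\x20-\x7E]/', '', $row['Message']), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');` — the entity output is pure ASCII either way, so the order only changes which input the escaper sees. It may also be worth a short comment on this line recording that the value is escaped here because the ajax consumer renders it into HTML, since that is presumably the context (not verifiable from the hunk) and a JSON consumer that re-escapes would double-encode; the neighbouring `File` field still goes through `strip_tags`, which is a different (and weaker) treatment for what looks like the same sink. queryRequest() begins before this hunk.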
