Skip to content

Commit

Permalink
Properly escape possible user-input
Browse files Browse the repository at this point in the history
Signed-off-by: DL6ER <[email protected]>
  • Loading branch information
DL6ER committed Feb 3, 2021
1 parent 6ff083a commit 22d7df9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion scripts/pi-hole/php/auth.php
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ function check_cors() {
$server_origin = str_replace(array("[","]","http://","https://"), array("","","",""), $server_origin);

if(!in_array($server_origin, $AUTHORIZED_HOSTNAMES)) {
log_and_die("Failed CORS: " . $server_origin .' vs '. join(', ', $AUTHORIZED_HOSTNAMES));
log_and_die("Failed CORS: " . htmlspecialchars($server_origin) .' vs '. join(', ', $AUTHORIZED_HOSTNAMES));
}
header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
}
Expand Down

0 comments on commit 22d7df9

Please sign in to comment.