author | Th3R3p0 <th3r3p0@gmail.com> | 2017-08-22 22:36:50 -0400 |
---|---|---|
committer | Th3R3p0 <th3r3p0@gmail.com> | 2017-08-22 22:36:50 -0400 |
commit | 9e1ad6c36baa1d6de235057c7e20e2802c6f5662 (patch) | |
tree | ec18f301401f26f5afcacb0839208059ad954890 | |
parent | bd344547586f1335fe6c421683af9002a62f4e84 (diff) | |
Fixed reflected XSS mentioned in https://github.com/claudehohl/Stikked/issues/432
6 files changed, 7 insertions, 6 deletions
diff --git a/htdocs/themes/bootstrap/views/defaults/paste_form.php b/htdocs/themes/bootstrap/views/defaults/paste_form.php
index d6fea40..4f254b3 100644
--- a/htdocs/themes/bootstrap/views/defaults/paste_form.php
+++ b/htdocs/themes/bootstrap/views/defaults/paste_form.php
@@ -43,7 +43,7 @@
 </div>
 <div class="control-group">
 <div class="controls">
- <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div>
 </div>
diff --git a/htdocs/themes/cleanwhite/views/defaults/paste_form.php b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
index f09b904..546b87e 100644
--- a/htdocs/themes/cleanwhite/views/defaults/paste_form.php
+++ b/htdocs/themes/cleanwhite/views/defaults/paste_form.php
@@ -48,7 +48,7 @@
 <span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span>
 </label>
- <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div>
 <?php if($this->config->item('enable_captcha') && $this->session->userdata('is_human') === null){ ?>
diff --git a/htdocs/themes/default/views/defaults/paste_form.php b/htdocs/themes/default/views/defaults/paste_form.php
index 5816287..c608dc6 100644
--- a/htdocs/themes/default/views/defaults/paste_form.php
+++ b/htdocs/themes/default/views/defaults/paste_form.php
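Review bot: `htmlspecialchars($paste_set)` on the `+` textarea line relies on PHP's default flags, and on PHP versions before 8.1 those neither escape single quotes nor substitute invalid UTF-8 sequences, so a paste containing bytes that are not valid UTF-8 comes back as an empty string and the form silently drops the user's text; pass the flags explicitly, `echo htmlspecialchars($paste_set, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The same one-line change applies to the cleanwhite, default, geocities, i386 and stikkedizr sections. Escaping `<` and `&` here is what stops a `</textarea>` inside the reflected value from closing the element, so the fix itself is sound; the flags only harden its edge cases. Since the expression is now duplicated across six theme templates, a shared helper (or escaping `$paste_set` once where it is assigned, which is outside this diff) would keep a future theme from reintroducing the bug.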
@@ -43,7 +43,7 @@
 <span class="instruction"><a href="#" id="enable_codemirror" data-lang-enablesynhl="<?php echo lang('paste_enablesynhl'); ?>" data-lang-disablesynhl="<?php echo lang('paste_disablesynhl'); ?>"></a></span>
 </label>
- <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" name="code" cols="40" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div>
diff --git a/htdocs/themes/geocities/views/defaults/paste_form.php b/htdocs/themes/geocities/views/defaults/paste_form.php
index 376e100..c9672ac 100644
--- a/htdocs/themes/geocities/views/defaults/paste_form.php
+++ b/htdocs/themes/geocities/views/defaults/paste_form.php
@@ -50,7 +50,7 @@
 </div>
 <div class="control-group">
 <div class="controls">
- <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div>
 </div>
diff --git a/htdocs/themes/i386/views/defaults/paste_form.php b/htdocs/themes/i386/views/defaults/paste_form.php
index 766063e..79779d3 100644
--- a/htdocs/themes/i386/views/defaults/paste_form.php
+++ b/htdocs/themes/i386/views/defaults/paste_form.php
@@ -50,7 +50,7 @@
 </div>
 <div class="control-group">
 <div class="controls">
- <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="span12" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div>
 </div>
diff --git a/htdocs/themes/stikkedizr/views/defaults/paste_form.php b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
index 4849827..a923fe7 100644
--- a/htdocs/themes/stikkedizr/views/defaults/paste_form.php
+++ b/htdocs/themes/stikkedizr/views/defaults/paste_form.php
@@ -1,5 +1,6 @@
 <?php echo validation_errors(); ?>
+<?php echo "hello"; ?>
 <div class="row">
 <div class="col-12 col-sm-12 col-lg-12">
@@ -49,7 +50,7 @@
 </div>
 <div class="control-group">
 <div class="controls">
- <textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo $paste_set; }?></textarea>
+ <textarea id="code" class="form-control" name="code" rows="20" tabindex="4"><?php if(isset($paste_set)){ echo htmlspecialchars($paste_set); }?></textarea>
 </div>
 </div> |
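Review bot: The added `<?php echo "hello"; ?>` in the first hunk (`@@ -1,5 +1,6 @@`) looks like leftover debug output and is unrelated to the XSS fix; it prints a bare `hello` above the form on every render of the stikkedizr theme. Remove that line so this section carries only the textarea change, matching the other five themes. The diffstat's seventh insertion appears to be this line, so the count should drop to six once it is gone.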