Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-01-31 05:20:30 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix XSS in error message (thanks to Sharif aka Vincent Pentester)

Browse Source
This commit is contained in:
Fedor A. Fetisov 2020-12-25 23:44:33 +03:00
parent 1c3d9c98b4
commit b8bad36510
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/mibew/libs/classes/Mibew/Controller/ButtonCodeController.php
View File

@ -51,7 +51,7 @@ class ButtonCodeController extends AbstractController
$image_locales_map = $this->getImageLocalesMap(MIBEW_FS_ROOT . '/locales');
$image = $request->query->get('i', 'mibew');
if (!isset($image_locales_map[$image])) {
$page['errors'][] = 'Unknown image: ' . $image;
$page['errors'][] = 'Unknown image: ' . htmlspecialchars($image);
$avail = array_keys($image_locales_map);
$image = $avail[0];
}