feature-guiconfig: fix potential obscure XSS

Starbeamrainbowlabs 2021-09-02 22:53:59 +01:00
parent 80f77a93b5
commit 3f61c9eac0
Signed by: sbrl
GPG Key ID: 1BE5172E637709C2
1 changed files with 4 additions and 4 deletions


@ -5,7 +5,7 @@
register_module([
"name" => "Settings GUI",
"version" => "0.1.7",
"version" => "0.1.8",
"author" => "Starbeamrainbowlabs",
"description" => "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
"id" => "feature-guiconfig",
@ -100,10 +100,10 @@ SCRIPT;
case "email":
case "number":
case "text":
$inputControl = "<input type='$configData->type' id='$configKey' name='$configKey' value='{$settings->$configKey}' />";
$inputControl = "<input type='$configData->type' id='$configKey' name='$configKey' value='".htmlentities($settings->$configKey)."' />";
break;
case "textarea":
$inputControl = "<textarea id='$configKey' name='$configKey'>{$settings->$configKey}</textarea>";
$inputControl = "<textarea id='$configKey' name='$configKey'>".htmlentities($settings->$configKey)."</textarea>";
break;
case "checkbox":
$reverse = true;
@ -118,7 +118,7 @@ SCRIPT;
break;
default:
$label = "";
$inputControl = "<p><em>Sorry! The <code>$configKey</code> setting isn't editable yet through the gui. Please try editing <code>peppermint.json</code> for the time being.</em></p>";
$inputControl = "<p><em>Sorry! The <code>".htmlentities($configKey)."</code> setting isn't editable yet through the gui. Please try editing <code>peppermint.json</code> for the time being.</em></p>";
break;
}
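Review bot: In the `email`/`number`/`text` case the `value='…'` attribute is delimited by single quotes, but `htmlentities()` is called without flags. Before PHP 8.1 its default is `ENT_COMPAT`, which leaves `'` unencoded, so a stored setting value containing a single quote can still end the attribute early and the fix is incomplete on those versions. Pass the flags explicitly, e.g. `htmlentities($settings->$configKey, ENT_QUOTES | ENT_HTML5)`, and do the same in the `textarea` and `default` branches so the behaviour does not depend on the runtime's default. `$configKey` and `$configData->type` are also still interpolated raw into `type`/`id`/`name` on those lines, although the `default` branch now escapes `$configKey`; escaping them there too would be consistent. The enclosing `switch` starts outside the visible hunks, so where these values originate cannot be confirmed from here.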