mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-22 04:23:01 +00:00
feature-guiconfig: fix potential obscure XSS
This commit is contained in:
parent
80f77a93b5
commit
3f61c9eac0
1 changed files with 4 additions and 4 deletions
|
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
register_module([
|
register_module([
|
||||||
"name" => "Settings GUI",
|
"name" => "Settings GUI",
|
||||||
"version" => "0.1.7",
|
"version" => "0.1.8",
|
||||||
"author" => "Starbeamrainbowlabs",
|
"author" => "Starbeamrainbowlabs",
|
||||||
"description" => "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
|
"description" => "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
|
||||||
"id" => "feature-guiconfig",
|
"id" => "feature-guiconfig",
|
||||||
|
@ -100,10 +100,10 @@ SCRIPT;
|
||||||
case "email":
|
case "email":
|
||||||
case "number":
|
case "number":
|
||||||
case "text":
|
case "text":
|
||||||
$inputControl = "<input type='$configData->type' id='$configKey' name='$configKey' value='{$settings->$configKey}' />";
|
$inputControl = "<input type='$configData->type' id='$configKey' name='$configKey' value='".htmlentities($settings->$configKey)."' />";
|
||||||
break;
|
break;
|
||||||
case "textarea":
|
case "textarea":
|
||||||
$inputControl = "<textarea id='$configKey' name='$configKey'>{$settings->$configKey}</textarea>";
|
$inputControl = "<textarea id='$configKey' name='$configKey'>".htmlentities($settings->$configKey)."</textarea>";
|
||||||
break;
|
break;
|
||||||
case "checkbox":
|
case "checkbox":
|
||||||
$reverse = true;
|
$reverse = true;
|
||||||
|
@ -118,7 +118,7 @@ SCRIPT;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
$label = "";
|
$label = "";
|
||||||
$inputControl = "<p><em>Sorry! The <code>$configKey</code> setting isn't editable yet through the gui. Please try editing <code>peppermint.json</code> for the time being.</em></p>";
|
$inputControl = "<p><em>Sorry! The <code>".htmlentities($configKey)."</code> setting isn't editable yet through the gui. Please try editing <code>peppermint.json</code> for the time being.</em></p>";
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue