1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-25 05:22:59 +00:00

feature-guiconfig: fix potential obscure XSS

This commit is contained in:
Starbeamrainbowlabs 2021-09-02 22:53:59 +01:00
parent 80f77a93b5
commit 3f61c9eac0
Signed by: sbrl
GPG key ID: 1BE5172E637709C2

View file

@ -5,7 +5,7 @@
register_module([ register_module([
"name" => "Settings GUI", "name" => "Settings GUI",
"version" => "0.1.7", "version" => "0.1.8",
"author" => "Starbeamrainbowlabs", "author" => "Starbeamrainbowlabs",
"description" => "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.", "description" => "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
"id" => "feature-guiconfig", "id" => "feature-guiconfig",
@ -100,10 +100,10 @@ SCRIPT;
case "email": case "email":
case "number": case "number":
case "text": case "text":
$inputControl = "<input type='$configData->type' id='$configKey' name='$configKey' value='{$settings->$configKey}' />"; $inputControl = "<input type='$configData->type' id='$configKey' name='$configKey' value='".htmlentities($settings->$configKey)."' />";
break; break;
case "textarea": case "textarea":
$inputControl = "<textarea id='$configKey' name='$configKey'>{$settings->$configKey}</textarea>"; $inputControl = "<textarea id='$configKey' name='$configKey'>".htmlentities($settings->$configKey)."</textarea>";
break; break;
case "checkbox": case "checkbox":
$reverse = true; $reverse = true;
@ -118,7 +118,7 @@ SCRIPT;
break; break;
default: default:
$label = ""; $label = "";
$inputControl = "<p><em>Sorry! The <code>$configKey</code> setting isn't editable yet through the gui. Please try editing <code>peppermint.json</code> for the time being.</em></p>"; $inputControl = "<p><em>Sorry! The <code>".htmlentities($configKey)."</code> setting isn't editable yet through the gui. Please try editing <code>peppermint.json</code> for the time being.</em></p>";
break; break;
} }