Bugfix: Fix XSS via action GET parameter.

Ref CVE-2021-38601

Seriously, don't make public GitHub repos before contacting me!

https://github.com/hmaverickadams/CVE-2021-38601
Starbeamrainbowlabs 2021-09-02 21:08:01 +01:00
parent 5dbca32844
commit 7f48302f1a
Signed by: sbrl
GPG Key ID: 1BE5172E637709C2
1 changed files with 1 additions and 1 deletions


@ -28,4 +28,4 @@ if($env->is_history_revision)
else if(isset($pageindex->{$env->page}))
$env->page_filename .= $pageindex->{$env->page}->filename;
$env->action = strtolower($_GET["action"]);
$env->action = preg_replace("/[^a-z0-9\-_]/", "", strtolower($_GET["action"]));
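Review bot: The new assignment to `$env->action` strips the value to `[a-z0-9\-_]` at the point of input, but the place where the action is reflected into HTML is not in this hunk, so the XSS fix holds only while every later use of `$env->action` sees a value that went through this filter. I would also escape where the value is printed, e.g. `htmlspecialchars($env->action, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so the sink is safe on its own. Separately, unless `$_GET["action"]` is normalised earlier in the file (not visible here), a missing or array-valued parameter reaches `strtolower()` directly; `$raw_action = $_GET["action"] ?? "";` followed by an `is_string($raw_action)` check before the `preg_replace` would cover that. The `if`/`else if` chain this line follows starts above the hunk.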