Bugfix: Fix XSS via action GET parameter.
Ref CVE-2021-38601. Seriously, don't make public GitHub repos before contacting me! https://github.com/hmaverickadams/CVE-2021-38601
parent
5dbca32844
commit
7f48302f1a
1 changed files with 1 additions and 1 deletions
|
@ -28,4 +28,4 @@ if($env->is_history_revision)
|
||||||
else if(isset($pageindex->{$env->page}))
|
else if(isset($pageindex->{$env->page}))
|
||||||
$env->page_filename .= $pageindex->{$env->page}->filename;
|
$env->page_filename .= $pageindex->{$env->page}->filename;
|
||||||
|
|
||||||
$env->action = strtolower($_GET["action"]);
|
$env->action = preg_replace("/[^a-z0-9\-_]/", "", strtolower($_GET["action"]));
|
||||||
|
|
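Review bot: The allowlist on the new `$env->action` line cleans the value where it is read, but the code that writes an unrecognised action name into the response lies outside this hunk, so nothing visible here shows that the output itself is HTML-encoded; that sink should still pass the value through `htmlentities()` so any other route to it is covered. `strtolower()` also expects a string, and a query parameter can arrive as an array, so unless earlier code already normalises it a guard such as `if(!is_string($_GET["action"])) $_GET["action"] = "";` belongs just before this line. A short comment, for example `// Allowlist: action names may only contain a-z, 0-9, - and _ (CVE-2021-38601)`, would record why the filter is there. The surrounding if/else chain starts above the hunk.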