mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-25 05:22:59 +00:00

Bugfix: Fix XSS via action GET parameter.

Ref CVE-2021-38601

Seriously, don't make public GitHub repos before contacting me!

https://github.com/hmaverickadams/CVE-2021-38601
Starbeamrainbowlabs 2021-09-02 21:08:01 +01:00
parent 5dbca32844
commit 7f48302f1a
Signed by: sbrl
GPG key ID: 1BE5172E637709C2


@ -28,4 +28,4 @@ if($env->is_history_revision)
else if(isset($pageindex->{$env->page})) else if(isset($pageindex->{$env->page}))
$env->page_filename .= $pageindex->{$env->page}->filename; $env->page_filename .= $pageindex->{$env->page}->filename;
$env->action = strtolower($_GET["action"]); $env->action = preg_replace("/[^a-z0-9\-_]/", "", strtolower($_GET["action"]));
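Review bot: The new `$env->action` assignment filters the value to `[a-z0-9\-_]`, but it still passes `$_GET["action"]` straight to `strtolower()`, so a request sending `action[]=x` hands it an array (a warning and null on PHP 7, a TypeError on PHP 8) unless an earlier line outside this hunk already normalises the parameter. A guard such as `$raw_action = is_string($_GET["action"] ?? null) ? $_GET["action"] : "";` ahead of the filter would close that. The character allowlist removes the markup characters behind the reflected XSS at the point of input; the place where the action name is echoed back is not visible here, and escaping it there with `htmlspecialchars()` would keep the fix from resting on this one line. The enclosing block starts and ends outside the hunk.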