sbrl-github/Pepperminty-Wiki
sbrl-github/Pepperminty-Wiki
1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00
Code Activity

Bugfix: Fix XSS via action GET parameter.

Browse source 
Ref CVE-2021-38601

Serously, don't make public GitHub repos before contacting me!

https://github.com/hmaverickadams/CVE-2021-38601
This commit is contained in:
Starbeamrainbowlabs 2021-09-02 21:08:01 +01:00
parent 5dbca32844
commit 7f48302f1a
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
core/45-environment-deferred.php
View file

@ -28,4 +28,4 @@ if($env->is_history_revision)
else if(isset($pageindex->{$env->page})) else if(isset($pageindex->{$env->page}))
$env->page_filename .= $pageindex->{$env->page}->filename; $env->page_filename .= $pageindex->{$env->page}->filename;
$env->action = strtolower($_GET["action"]); $env->action = preg_replace("/[^a-z0-9\-_]/", "", strtolower($_GET["action"]));