feature-watchlist: Fix Potential XSS in do GET parameter

2024-11-21 16:13:00 +00:00 · 2021-09-02 21:21:17 +01:00 · 2021-09-02 21:21:17 +01:00 · dfe76d1d9b
commit dfe76d1d9b
parent 96546184dc
1 changed files with 1 additions and 1 deletions
--- a/modules/feature-watchlist.php
+++ b/modules/feature-watchlist.php
@ -130,7 +130,7 @@ register_module([
 			global $settings, $env, $pageindex;
 			
 			// The thing we should do.
-			$do = $_GET["do"] ?? "null";
+			$do = slugify($_GET["do"] ?? "null");
 			// The location we should redirect to after doing it successfully, if anywhere
 			$returnto = empty($_GET["returnto"]) ? null : $_GET["returnto"];