From dfe76d1d9bc82a2f7bc50440f8dd30fc3ebfac3d Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs
Date: Thu, 2 Sep 2021 21:21:17 +0100
Subject: [PATCH] feature-watchlist: Fix Potential XSS in do GET parameter
---
 modules/feature-watchlist.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/feature-watchlist.php b/modules/feature-watchlist.php
index 3995049..2a32cb8 100644
--- a/modules/feature-watchlist.php
+++ b/modules/feature-watchlist.php
@@ -130,7 +130,7 @@ register_module([
 global $settings, $env, $pageindex;
 // The thing we should do.
- $do = $_GET["do"] ?? "null";
+ $do = slugify($_GET["do"] ?? "null");
 // The location we should redirect to after doing it successfully, if anywhere
 $returnto = empty($_GET["returnto"]) ? null : $_GET["returnto"];
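Review bot: `$returnto` on the last line of the hunk is still taken from `$_GET["returnto"]` unchanged, while this commit sanitises only `$do`. Its use is outside the hunk, but the comment above it calls it a redirect target, so if it reaches a `Location` header or is echoed into the page it needs its own check: accept only same-site relative URLs, fall back to `null` otherwise, and escape it with `htmlentities()` wherever it is printed. Separately, `slugify()` rewrites the input rather than encoding the output, so the place where `$do` is echoed (not visible here) would be more robust with `htmlentities($do)` as well, in case a later change reads the parameter by another route. The enclosing closure starts and ends outside the hunk.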