action-hash: fix potential XSS in string GET param

Starbeamrainbowlabs 2021-09-02 21:27:26 +01:00
parent b6fc5941b7
commit e0f65c2e65
Signed by: sbrl
GPG Key ID: 1BE5172E637709C2
2 changed files with 2 additions and 1 deletions


@ -26,6 +26,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
- `action`
- `action=watchlist-edit`: `returnto`, `do`
- `action=watchlist`: `format`
- `action=hash`: `string`
- Fixed a weird bug in the `stats-update` action causing warnings
- search: Properly apply weightings of matches in page titles and tags
- Improved error handling on first run where the PHP Zip extension is not installed


@ -42,7 +42,7 @@ register_module([
exit(hash_password($_GET["string"]));
}
else {
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: <code>$settings->password_algorithm</code></p>\n<p><code>" . $_GET["string"] . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: <code>$settings->password_algorithm</code></p>\n<p><code>" . htmlentities($_GET["string"]) . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
}
});
}
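Review bot: On the new `render_main` line, `htmlentities()` is called with its default flags and charset, which differ between PHP versions: before 8.1 the default is `ENT_COMPAT`, so single quotes are left unescaped, and without `ENT_SUBSTITUTE` an invalid byte sequence makes the call return an empty string. That is sufficient for this element-content position, but passing the arguments explicitly keeps the escaping stable if the markup ever moves the value into an attribute: `htmlentities($_GET["string"], ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8")`. The same line still interpolates `$settings->password_algorithm` unescaped; it looks like a configuration value rather than request input, but escaping it as well would make the line uniformly safe. The enclosing handler starts above the hunk, so whether `$_GET["string"]` is verified to be a set, scalar value (not an array such as `string[]=`) before it reaches `htmlentities()` and `hash_password()` cannot be seen from here.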