mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-21 16:13:00 +00:00
action-hash: fix potential XSS in string GET param
This commit is contained in:
parent
b6fc5941b7
commit
e0f65c2e65
2 changed files with 2 additions and 1 deletions
|
@ -26,6 +26,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
||||||
- `action`
|
- `action`
|
||||||
- `action=watchlist-edit`: `returnto`, `do`
|
- `action=watchlist-edit`: `returnto`, `do`
|
||||||
- `action=watchlist`: `format`
|
- `action=watchlist`: `format`
|
||||||
|
- `action=hash`: `string`
|
||||||
- Fixed a weird bug in the `stats-update` action causing warnings
|
- Fixed a weird bug in the `stats-update` action causing warnings
|
||||||
- search: Properly apply weightings of matches in page titles and tags
|
- search: Properly apply weightings of matches in page titles and tags
|
||||||
- Improved error handling on first run where the PHP Zip extension is not installed
|
- Improved error handling on first run where the PHP Zip extension is not installed
|
||||||
|
|
|
@ -42,7 +42,7 @@ register_module([
|
||||||
exit(hash_password($_GET["string"]));
|
exit(hash_password($_GET["string"]));
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: <code>$settings->password_algorithm</code></p>\n<p><code>" . $_GET["string"] . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
|
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: <code>$settings->password_algorithm</code></p>\n<p><code>" . htmlentities($_GET["string"]) . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue