mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-25 05:22:59 +00:00
action-hash: fix potential XSS in string GET param
This commit is contained in:
parent
b6fc5941b7
commit
e0f65c2e65
2 changed files with 2 additions and 1 deletions
|
@ -26,6 +26,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
|||
- `action`
|
||||
- `action=watchlist-edit`: `returnto`, `do`
|
||||
- `action=watchlist`: `format`
|
||||
- `action=hash`: `string`
|
||||
- Fixed a weird bug in the `stats-update` action causing warnings
|
||||
- search: Properly apply weightings of matches in page titles and tags
|
||||
- Improved error handling on first run where the PHP Zip extension is not installed
|
||||
|
|
|
@ -42,7 +42,7 @@ register_module([
|
|||
exit(hash_password($_GET["string"]));
|
||||
}
|
||||
else {
|
||||
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: <code>$settings->password_algorithm</code></p>\n<p><code>" . $_GET["string"] . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
|
||||
exit(page_renderer::render_main("Hashed string", "<p>Algorithm: <code>$settings->password_algorithm</code></p>\n<p><code>" . htmlentities($_GET["string"]) . "</code> → <code>" . hash_password($_GET["string"]) . "</code></p>"));
|
||||
}
|
||||
});
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue