tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 16:55:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-5691-Vulnerabilidad-XSS-en-sistema-de-mensajes' into 'develop'

Browse Source 
fix cross-site scripting vulnerability

See merge request artica/pandorafms!3156
This commit is contained in:
Alejandro Fraguas 2020-04-14 15:36:48 +02:00
commit 254a32be22
1 changed files with 1 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pandora_console/operation/messages/message_edit.php
View File

@ -127,17 +127,7 @@ if ($read_message) {
).' '.$user_name; ).' '.$user_name;
} }
$order = [ $parsed_message = nl2br(htmlspecialchars(trim(io_safe_output($row['message']))));
"\r\n",
"\n",
"\r",
];
$replace = '<br />';
$parsed_message = str_replace(
$order,
$replace,
trim(io_safe_output($row['message']))
);
echo '<div class="container">'; echo '<div class="container">';
echo ' <p>'.$parsed_message.'</p>'; echo ' <p>'.$parsed_message.'</p>';