tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 00:34:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix cross-site scripting vulnerability

Browse Source
This commit is contained in:
alejandro-campos 2020-04-14 12:50:19 +02:00
parent 987d8f4c75
commit 268e317ca3
1 changed files with 1 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pandora_console/operation/messages/message_edit.php
View File

@ -127,17 +127,7 @@ if ($read_message) {
).' '.$user_name; ).' '.$user_name;
} }
$order = [ $parsed_message = nl2br(htmlspecialchars(trim(io_safe_output($row['message']))));
"\r\n",
"\n",
"\r",
];
$replace = '<br />';
$parsed_message = str_replace(
$order,
$replace,
trim(io_safe_output($row['message']))
);
echo '<div class="container">'; echo '<div class="container">';
echo ' <p>'.$parsed_message.'</p>'; echo ' <p>'.$parsed_message.'</p>';