tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 00:34:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

#11795 Prevent XSS attack in site news page

Browse Source
This commit is contained in:
miguel angel rasteu 2023-07-28 12:36:10 +02:00
parent 319a4e1743
commit cf7b123eb0
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/general/logon_ok.php
View File

@ -259,6 +259,8 @@ if (!empty($news)) {
$output_news .= '</div></div>';
} else {
$text = str_replace('<script', '&lt;script', $text);
$text = str_replace('</script', '&lt;/script', $text);
$output_news .= nl2br($text);
}