mirror of
https://github.com/pandorafms/pandorafms.git
synced 2025-07-30 01:05:39 +02:00
#11795 Prevent XSS attack in site news page
parent
319a4e1743
commit
cf7b123eb0
@ -259,6 +259,8 @@ if (!empty($news)) {
|
|||||||
|
|
||||||
$output_news .= '</div></div>';
|
$output_news .= '</div></div>';
|
||||||
} else {
|
} else {
|
||||||
|
$text = str_replace('<script', '<script', $text);
|
||||||
|
$text = str_replace('</script', '</script', $text);
|
||||||
$output_news .= nl2br($text);
|
$output_news .= nl2br($text);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
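Review bot: The two added `str_replace` calls ahead of `nl2br($text)` are a case-sensitive denylist for a single tag, so `$text` can still reach `$output_news` carrying other active markup (a differently cased script tag, event-handler attributes, script-bearing URLs). As rendered here the search and replacement strings are identical, presumably because this page decoded an entity in the replacement (likely `&lt;script`); confirm that in the file itself, because as shown both calls would be no-ops. If news bodies are meant to be plain text, encode at output instead, `$output_news .= nl2br(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));`, and if they must carry HTML, pass them through an allowlist sanitizer rather than string replacement. The enclosing `if (!empty($news)) {` block starts outside the hunk, so how `$text` is built and whether it is already decoded is not visible here.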