Merge pull request #7 from lacaulac/patch-2

Fixed an XSS vulnerability
Chris92de · Oct 4, 2020 · 3ed17da · 3ed17da
2 parents 9a45087 + 6a61568
commit 3ed17da
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/resources/core/adminserv.php b/resources/core/adminserv.php
@@ -72,7 +72,7 @@ public static function error($text = null){
 		$_SESSION['error'] = $text;
 	}
 	public static function info($text){
-		$_SESSION['info'] = $text;
+		$_SESSION['info'] = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
 	}