Skip to content
This repository has been archived by the owner on Apr 30, 2021. It is now read-only.
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #6 from lacaulac/patch-1
- Fixed an XSS vulnerability (patch by @lacaulac)
Thanks for reporting it!
  • Loading branch information
Chris92de committed Sep 29, 2020
2 parents 7bc4f9a + 8d3c36f commit 9a45087
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion resources/core/adminserv.php
Expand Up @@ -63,6 +63,9 @@ public static function error($text = null){
if($text === null){
$text = '['.$client->getErrorCode().'] '.Utils::t( $client->getErrorMessage() );
}
else {
$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

AdminServLogs::add('error', $text);
unset($_SESSION['info']);
Expand Down Expand Up @@ -2023,4 +2026,4 @@ public static function getPlaylistData($filename){
return $out;
}
}
?>
?>

0 comments on commit 9a45087

Please sign in to comment.