Fixed possible XSS vulnerabilities reported by Omar Kurt
mystralkk committed Feb 13, 2019
1 parent 550975f commit 0af852c
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions public_html/profiles.php
@@ -2,7 +2,7 @@

/* Reminder: always indent with 4 spaces (no tabs). */
// +---------------------------------------------------------------------------+
// | Geeklog 2.1 |
// | Geeklog 2.2 |
// +---------------------------------------------------------------------------+
// | profiles.php |
// | |
@@ -542,7 +542,7 @@ function mailstoryform($sid, $cc = false, $to = '', $toemail = '', $from = '',
break;

case 'emailstory':
$sid = Geeklog\Input::get('sid');
$sid = Geeklog\Input::fGet('sid');

if (empty($sid)) {
COM_redirect($_CONF['site_url'] . '/index.php');
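Review bot: Nothing in the `emailstory` case checks that `$sid` has the shape of a story id; the only visible guard is `empty($sid)`, and the filter behind `fGet` is not shown in this diff. If story ids use a fixed character set, validating against that allowlist here and taking the same redirect as the `empty($sid)` branch on a mismatch would be a tighter check than a general-purpose filter. The place where `$sid` is written into the page is outside the hunk, so it is worth confirming that it is encoded for its output context there as well. A comment above the assignment would record the intent, e.g. `// sid comes from the query string: read it filtered and validate it as a story id before use`. The enclosing switch starts and ends outside the hunk.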
4 changes: 2 additions & 2 deletions system/classes/language.class.php
@@ -8,7 +8,7 @@
// | |
// | Geeklog language administration page. |
// +---------------------------------------------------------------------------+
// | Copyright (C) 2016 by the following authors: |
// | Copyright (C) 2019 by the following authors: |
// | |
// | Authors: Kenji ITO - mystralkk AT gmail DOT come |
// +---------------------------------------------------------------------------+
@@ -338,7 +338,7 @@ public static function adminSave()
$varName = \Geeklog\Input::fPost('var_name', '');
$language = \Geeklog\Input::fPost('language', '');
$name = \Geeklog\Input::fPost('name', '');
$value = \Geeklog\Input::post('value', '');
$value = \Geeklog\Input::fPost('value', '');

if (($id >= 0) && !empty($varName) && !empty($language) && !empty($name)) {
$varName = DB_escapeString($varName);
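Review bot: Filtering `value` when it is posted does not cover language strings that were saved before this change, so anything already stored would presumably still reach the page unless the code that renders it encodes on output; that code is outside the hunk and worth confirming. The guard on the following line tests `$varName`, `$language` and `$name` but not `$value`, so a value that the filter reduces to an empty string would apparently still be saved. A short comment above the assignment would record why the filtered accessor is required, e.g. `// value is admin-supplied text that is displayed later: read it filtered and encode it again on output`. adminSave() starts and ends outside the hunk.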
