
Commit d289eb4

author
Isaac Connor
committed
File must be escaped as well to prevent XSS
1 parent 2f295a2 commit d289eb4


1 file changed

+1
-0
lines changed


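--- a/web/ajax/log.php
+++ b/web/ajax/log.php
@@ -161,6 +161,7 @@ function queryRequest() {
 // First strip out any html tags
 // Second strip out all characters that are not ASCII 32-126 (yes, 126)
 $row['Message'] = preg_replace('/[^\x20-\x7E]/', '', strip_tags($row['Message']));
+$row['File'] = preg_replace('/[^\x20-\x7E]/', '', strip_tags($row['File']));
 $rows[] = $row;
 }
 $data['rows'] = $rows;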
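Review bot: The added `$row['File']` line removes tags and non-printable bytes, but `strip_tags()` is not output escaping: `"`, `'` and `&` all fall inside the kept \x20-\x7E range, so the value is safe only where the client inserts it as element text, not inside an attribute or script context. If the consumer of `$data['rows']` builds markup from these strings, encode for that context instead, e.g. `$row['File'] = htmlspecialchars($row['File'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, or have the client render the fields as text rather than HTML. This is the second column patched with the same expression; any other free-text column in `$row` that reaches the browser (not visible in this hunk) presumably needs the same treatment, and a small loop over a list of column names would make an omission harder to repeat. The body of queryRequest() starts and ends outside the hunk, so how the rows are queried and rendered could not be checked here.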
