File must be escaped as well to prevent XSS
Isaac Connor committed Sep 30, 2022
1 parent 2f295a2 commit d289eb4
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions web/ajax/log.php
Expand Up @@ -161,6 +161,7 @@ function queryRequest() {
// First strip out any html tags
// Second strip out all characters that are not ASCII 32-126 (yes, 126)
$row['Message'] = preg_replace('/[^\x20-\x7E]/', '', strip_tags($row['Message']));
$row['File'] = preg_replace('/[^\x20-\x7E]/', '', strip_tags($row['File']));
$rows[] = $row;
}
$data['rows'] = $rows;
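Review bot: `strip_tags()` on the added `$row['File']` line removes tags but does not escape, so quotes and `&` pass through unchanged; that is only sufficient if the client places the value in element text rather than in an attribute or a concatenated HTML string. If the log view renders these fields as HTML, encoding at the output sink is the stronger control, for example `$row['File'] = htmlspecialchars($row['File'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, or inserting the value as text on the client side. The hunk sanitises only `Message` and `File`; any other string columns in `$row` that reach the same view (not visible here) would need the same treatment, which argues for one helper applied to every displayed column. queryRequest() begins and ends outside this hunk, so how the rows are rendered is inferred.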