Fix an XSS vulnerability

Updated the viewthread.php file to fix a stored XSS vulnerability in the title of forum posts.
HexPandaa committed Apr 14, 2019
1 parent 194c5ae commit ee878212d691d2f3c6bab92002afb599846d3e0f
Showing with 1 addition and 1 deletion.
  1. +1 −1 main/forum/viewthread.php
@@ -634,7 +634,7 @@
'Aw:',
];
$replace = '<span>'.Display::returnFontAwesomeIcon('mail-reply').'</span>';
$post['post_title'] = str_replace($search, $replace, $post['post_title']);
$post['post_title'] = str_replace($search, $replace, Security::remove_XSS($post['post_title']));
// The post title
$titlePost = Display::tag('h3', $post['post_title'], ['class' => 'forum_post_title']);
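Review bot: The changed line applies `Security::remove_XSS($post['post_title'])` only at this one render site in viewthread.php, while the commit message describes a stored XSS, so the stored title itself is left unchanged and any other code path that outputs `post_title` would need the same handling. Please confirm the other places that print the title are covered, or sanitize the title when the post is saved as well. The ordering in this line is correct and worth preserving: the title is filtered first and the trusted icon `<span>` from `$replace` is inserted afterwards, which matters because the result is passed to `Display::tag('h3', ...)` with the `<span>` markup in it, so it is evidently treated as HTML there. A one-line comment stating that the filter must run before the `str_replace` would protect this from a later refactor.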

0 comments on commit ee87821
