fixes #87, possible XSS in config panel
azett committed Jan 8, 2023
1 parent 264217f commit 0ee4f2e
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions admin/panels/config/admin.config.php
Expand Up @@ -124,14 +124,14 @@ function onsave() {
'title' => wp_specialchars(stripslashes($_POST ['title'])),
'subtitle' => wp_specialchars(stripslashes($_POST ['subtitle'])),
'footer' => wp_specialchars(stripslashes($_POST ['blogfooter'])),
'author' => $_POST ['author'],
'email' => $_POST ['email'],
'author' => wp_specialchars($_POST ['author']),
'email' => wp_specialchars($_POST ['email']),
'startpage' => ($_POST ['startpage'] == ':NULL:') ? null : $_POST ['startpage'],
'maxentries' => $_POST ['maxentries'],
// 'voting' => $_POST['voting'],
'notify' => isset($_POST ['notify']),
/* preserve the following */
'theme' => $fp_config ['general'] ['theme'],
// preserve the following
'theme' => $fp_config ['general'] ['theme'],
'style' => @$fp_config ['general'] ['style'],
'blogid' => $fp_config ['general'] ['blogid'],
'charset' => 'utf-8'
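Review bot: `startpage` and `maxentries` in the same array are still stored straight from `$_POST`, so the fix covers only two of the raw fields visible in onsave(); if either value is ever echoed back into the panel or a theme, the same issue reappears. `maxentries` looks numeric and could be stored as `'maxentries' => (int) $_POST ['maxentries'],`, and `startpage` is better validated against the set of allowed values than escaped. The new `author` and `email` lines also skip the `stripslashes()` that `title`, `subtitle` and `footer` apply, so for consistency consider `'author' => wp_specialchars(stripslashes($_POST ['author'])),` and the same for `email`. Whether `wp_specialchars` encodes quotes by default is not visible here; if these values are rendered inside an attribute such as `value="…"`, confirm that quotes are escaped as well. The array and onsave() continue outside the hunk.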