Commit

fix xss in debugger; move to pure-js version of visualeditor
gggeek committed Dec 16, 2022
1 parent 76b05c7 commit 055fc36
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions debugger/action.php
Expand Up @@ -546,6 +546,7 @@

<h3>Changelog</h3>
<ul>
<li>2022-12-xx: fix XSS vulnerability in the debugger</li>
<li>2022-11-28: allow to use http/2 protocol; two security issues fixed in the underlying library</li>
<li>2020-12-11: fix problems with running the debugger on php 8</li>
<li>2015-05-30: fix problems with generating method payloads for NIL and Undefined parameters</li>
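Review bot: The new changelog entry still carries the placeholder date "2022-12-xx"; replace it with the actual release date before tagging so that users can match the fix to a release. The entry would also be more useful if it said which debugger input was affected, since "fix XSS vulnerability in the debugger" alone does not tell someone running an older copy whether their deployment exposes it.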
2 changes: 1 addition & 1 deletion debugger/controller.php
Expand Up @@ -198,7 +198,7 @@ function displaydialogeditorbtn(show) {
}

function activateeditor() {
var url = '<?php echo $editorpath; ?>visualeditor.php?params=<?php echo $alt_payload; ?>';
var url = '<?php echo $editorpath; ?>visualeditor.html?params=<?php echo str_replace(array("\\", "'"), array( "\\\\","\\'"), $alt_payload); ?>';
if (document.frmaction.wstype.value == "1")
url += '&type=jsonrpc';
var wnd = window.open(url, '_blank', 'width=750, height=400, location=0, resizable=1, menubar=0, scrollbars=1');
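Review bot: The str_replace() on the new `var url` line escapes only backslash and single quote, which covers the JavaScript string delimiter but not the other two contexts $alt_payload is written into. If activateeditor() is emitted inside an inline script block, a value containing a closing script tag ends that block at the HTML parser level no matter how the JS string is quoted, and a raw newline in the value still breaks the literal. The value is also placed in a query string with no URL encoding visible here, so unless $alt_payload is encoded earlier, a `&` or `#` in it changes what visualeditor.html receives as `params`. Consider encoding for each layer in order: rawurlencode() for the query parameter, then json_encode() with JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP to emit the whole JS string literal (dropping the hand-written quotes), instead of a hand-rolled replace list. A short comment on this line saying which contexts the escaping is meant to cover would help the next person who edits it.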

0 comments on commit 055fc36
