Fix reflected XXS issue
jaapmarcus committed Jun 30, 2023
1 parent 4b4939d commit 2326aa5
Showing 1 changed file with 14 additions and 8 deletions.
22 changes: 14 additions & 8 deletions web/templates/pages/debug_panel.php
@@ -1,3 +1,9 @@
<?php
if( !defined("HESTIA_DIR_BIN") ){
die("Direct access disabled");
}
?>

<div x-data="{ open: false }" class="debug-panel">
<button
type="button"
@@ -10,26 +16,26 @@ class="debug-panel-toggle"
<?php
echo "<h3 class=\"u-mb10\">Server Variables</h3>";
foreach ($_SERVER as $key => $val) {
echo "<b>" . $key . "= </b> " . $val . " ";
echo "<span class=\"u-text-bold\">" . htmlentities($key) . "= </span> " . htmlentities($val) . " ";
}
?>
?>
<?php
echo "<h3 class=\"u-mb10 u-mt10\">Session Variables</h3>";
foreach ($_SESSION as $key => $val) {
echo "<b>" . $key . "= </b> " . $val . " ";
echo "<span class=\"u-text-bold\">" . htmlentities($key) . "= </span> " . htmlentities($val) . " ";
}
?>
?>
<?php
echo "<h3 class=\"u-mb10 u-mt10\">POST Variables</h3>";
foreach ($_POST as $key => $val) {
echo "<b>" . $key . "= </b> " . $val . " ";
echo "<span class=\"u-text-bold\">" . htmlentities($key) . "= </span> " . htmlentities($val) . " ";
}
?>
?>
<?php
echo "<h3 class=\"u-mb10 u-mt10\">GET Variables</h3>";
foreach ($_GET as $key => $val) {
echo "<b>" . $key . "= </b> " . $val . " ";
echo "<span class=\"u-text-bold\">" . htmlentities($key) . "= </span> " . htmlentities($val) . " ";
}
?>
?>
</div>
</div>
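Review bot: `htmlentities($val)` in the four loops receives whatever the superglobal holds, and `$_GET`/`$_POST` values are arrays for `name[]=`-style parameters (session entries and `$_SERVER['argv']` can be arrays as well); on PHP 8 that raises a TypeError, where the old code only printed `Array`. Normalise the value before escaping, e.g. `htmlentities(is_scalar($val) ? (string) $val : print_r($val, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, which also pins the flags and charset instead of relying on version-dependent defaults. Separately, the Session Variables loop writes every session value into the page, so if the session holds a CSRF token or similar secret it may be worth masking those keys. The added `HESTIA_DIR_BIN` check only blocks direct access to the template; how the panel itself is gated is not visible in this diff.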
