Block XSS in wget commands (file links)
ikoniaris committed Jun 18, 2015
1 parent 988641f commit e6587ec
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion class/KippoInput.class.php
Expand Up @@ -444,7 +444,7 @@ public function printWgetCommands()
echo '<td>' . $counter . '</td>';
echo '<td>' . $row['timestamp'] . '</td>';
echo '<td>' . xss_clean($row['input']) . '</td>';
$file_link = explode(" ", trim($row['file']))[0];
$file_link = explode(" ", trim(xss_clean($row['file'])))[0];
// If the link has no "http://" in front, then add it
if (substr(strtolower($file_link), 0, 4) !== 'http') {
$file_link = 'http://' . $file_link;
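Review bot: Running `xss_clean()` over `$row['file']` before the split sanitises the value in HTML-body terms, but `$file_link` is, as far as I can tell from the `http://` prefixing, later placed in a link attribute, and a generic filter is not a substitute for escaping in that context; the same applies to the identical line in include/play.php. At the point where the link is echoed (outside this hunk) it should be written as `htmlspecialchars($file_link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so the attribute stays well-formed whatever `xss_clean()` lets through. The prefix test `substr(strtolower($file_link), 0, 4) !== 'http'` also accepts any value that merely begins with "http"; comparing `strtolower((string) parse_url($file_link, PHP_URL_SCHEME))` against `['http', 'https']` with `in_array(..., true)` states the intent precisely and rejects other schemes rather than decorating them. printWgetCommands() begins before this hunk and its body continues past it, so I cannot see where the link is rendered.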
2 changes: 1 addition & 1 deletion include/play.php
Expand Up @@ -123,7 +123,7 @@
echo '<td>' . $counter . '</td>';
echo '<td>' . $row['timestamp'] . '</td>';
echo '<td>' . xss_clean($row['input']) . '</td>';
$file_link = trim($row['file']);
$file_link = explode(" ", trim(xss_clean($row['file'])))[0];
// If the link has no "http://" in front, then add it
if (substr(strtolower($file_link), 0, 4) !== 'http') {
$file_link = 'http://' . $file_link;
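Review bot: The new line in include/play.php changes behaviour beyond the XSS fix: the old code kept the whole trimmed `$row['file']`, while the new one keeps only the first space-separated token, and neither the commit message nor a comment records that. A one-line comment such as `// Keep only the first token: anything after a space is not part of the URL` above the assignment would make that intentional rather than accidental to the next reader. Since this exact expression now appears verbatim here and in class/KippoInput.class.php, consider moving it into one shared helper, e.g. `function kippo_file_link(string $file): string`, so the two copies cannot drift the next time this sanitisation is revisited. The enclosing block starts before this hunk and continues after it.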
