[FIX] Stored-XSS using htmlentities()
Mik317 committed Sep 9, 2020
1 parent 5f414ca commit 3871537
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions app/Http/Controllers/JournalController.php
@@ -160,7 +160,7 @@ public function save(Request $request)

$entry = new Entry;
$entry->account_id = $request->user()->account_id;
$entry->post = $request->input('entry');
$entry->post = htmlentities($request->input('entry'), ENT_QUOTES, 'utf-8');

if ($request->input('title') != '') {
$entry->title = $request->input('title');
@@ -206,7 +206,7 @@ public function update(Request $request, Entry $entry)
->withErrors($validator);
}

$entry->post = $request->input('entry');
$entry->post = htmlentities($request->input('entry'), ENT_QUOTES, 'utf-8');

if ($request->input('title') != '') {
$entry->title = $request->input('title');
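Review bot: The `title` field is still stored straight from `$request->input('title')` in both `save()` and `update()`, so if the view prints it the same unescaped way the post body was printed, the stored-XSS path this commit closes for `post` stays open for `title`. Encoding at write time with `htmlentities()` also leaves entries saved before this commit unescaped in the database, and it can double-encode text if a template later escapes on output. I would keep the raw text in storage and escape where it is rendered, for example `{{ $entry->post }}` and `{{ $entry->title }}` in the Blade view rather than `{!! ... !!}`; the templates are not visible on this page, so that needs confirming against them. Both function bodies start and end outside the hunks shown.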