
Form data XSS

Encode html entities of cached form data
protich committed Sep 14, 2017
1 parent d2ef3b1 commit bcd58e885461bd97357d20efcd752135f3f4af2a
Showing with 2 additions and 1 deletion.
  1. +2 −1 include/ajax.forms.php
@@ -21,7 +21,8 @@ function getFormsForHelpTopic($topic_id, $client=false) {
if ($_GET || isset($_SESSION[':form-data'])) {
if (!is_array($_SESSION[':form-data']))
$_SESSION[':form-data'] = array();
$_SESSION[':form-data'] = array_merge($_SESSION[':form-data'], $_GET);
$_SESSION[':form-data'] = array_merge($_SESSION[':form-data'],
Format::htmlchars($_GET));
}
foreach ($topic->getForms() as $form) {
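Review bot: Encoding at write time in the new `array_merge(...)` call leaves `$_SESSION[':form-data']` holding HTML-encoded text that every reader must know about: a consumer that escapes again will double-encode, and one that places the values outside HTML body context (an unquoted attribute, inline JavaScript, a URL) is not protected by entity encoding. Only this writer is changed, so any other code path that stores into `$_SESSION[':form-data']` (none is visible in this hunk) would still store raw input. Whether `Format::htmlchars()` also encodes array keys and nested values depends on its implementation, which is not shown here. I would record the invariant above the merge, e.g. `// $_SESSION[':form-data'] stores HTML-encoded values: do not re-escape on output, and encode in every writer`, and confirm that the render side treats the values as already encoded. `getFormsForHelpTopic` begins and ends outside the hunk.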
