
[XSS FIX] b52f033#diff-601c90b3f020dff0f9f5354d7bfb69f8 changes caused an XSS vulnerability

because of `rawurldecode()`

Now fixed. Thanks to https://cxsecurity.com/issue/WLB-2019040120 report
pH-7 committed May 6, 2019
1 parent 971abd0 commit 6b95281dd34ba56036595ee3dfa6423e38c36a7c
Showing with 4 additions and 1 deletion.
  1. +4 −1 _protected/framework/Mvc/Request/Http.class.php
@@ -304,7 +304,10 @@ public function requestUri()
*/
public function currentUrl()
{
return PH7_URL_PROT . PH7_DOMAIN . $this->getUri();
return htmlspecialchars(
PH7_URL_PROT . PH7_DOMAIN . $this->getUri(),
ENT_QUOTES
);
}
/**
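Review bot: the `htmlspecialchars()` call in `currentUrl()` escapes at the source instead of at the point where the URL is written into HTML, so every caller now receives an entity-encoded string. Any caller that uses the value outside an HTML context will see `&amp;` in place of `&`, and any template that already escapes its output will double-encode it. Consider leaving `currentUrl()` raw and escaping where the value is echoed, or at minimum state in the docblock above that the return value is HTML-escaped. The call also passes only `ENT_QUOTES`; passing the charset explicitly (for example `'UTF-8'`) as the third argument removes the dependency on the PHP default.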
