phoromatic: Run htmlspecialchars() when printing out the passed trigger
This shouldn't be much of an issue anyhow since getting to this stage first requires having credentials / API access key, there isn't any JavaScript used besides some display elements on the Phoromatic site, and anyhow most are running Phoromatic on private intranets

Reported-By: wtwver on @huntr-dev
michaellarabel committed Sep 7, 2021
1 parent 61a284d commit 262d2388ed64148844000f1356d289a847a42799
Showing with 1 addition and 1 deletion.
  1. +1 −1 pts-core/phoromatic/public_html/event.php
@@ -93,7 +93,7 @@
$stmt->bindValue(':sub_target', $sub_target);
if($stmt->execute())
{
echo 'Trigger ' . $_GET['trigger'] . ' added!';
echo 'Trigger ' . htmlspecialchars($_GET['trigger']) . ' added!';
}
break;
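Review bot: the new htmlspecialchars($_GET['trigger']) call on the echo line relies on PHP's default flags and encoding, which differ between PHP versions (before PHP 8.1 the default is ENT_COMPAT, so single quotes are left unescaped). That is enough for this element-text context, but passing the arguments explicitly, e.g. htmlspecialchars($_GET['trigger'], ENT_QUOTES, 'UTF-8'), keeps the output identical across versions and stays safe if the string is later reused inside an attribute. Only this one echo is visible in the hunk, so it is worth confirming that no other output path in event.php prints a request parameter unescaped.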
