Merge pull request #84 from roddux/xss-patch-devel

Fix for XSS bug
pi-hole · Apr 22, 2016 · cb57c0c · cb57c0c
2 parents 861be94 + 26d54cf
commit cb57c0c
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/api.php b/api.php
@@ -47,6 +47,18 @@
         $data = array_merge($data, getAllQueries());
     }
 
-
+    function filterArray(&$a) {
+	    $sanArray = array();
+	    foreach ($a as $k=>$v) {
+	        if (is_array($v)) {
+	            $sanArray[htmlspecialchars($k)] = filterArray($v);
+            } else {
+	            $sanArray[htmlspecialchars($k)] = htmlspecialchars($v);
+            }
+	    }
+	    return $sanArray;
+    }
+
+    $data = filterArray($data);
     echo json_encode($data);
 ?>