Fix XSS when changing template
ignacionelson committed Dec 15, 2022
1 parent b151674 commit 698be4a
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions templates.php
Expand Up @@ -10,10 +10,17 @@
$active_nav = 'templates';
include_once ADMIN_VIEWS_DIR . DS . 'header.php';

$templates = look_for_templates();
$valid_templates = array_map(function($t) { return $t['location']; }, $templates);

/**
* Changing the client's template
*/
if (isset($_GET['activate_template'])) {
if (!in_array($_GET['activate_template'], $valid_templates)) {
exit_with_error_code(403);
}

$save = save_option('selected_clients_template', $_GET['activate_template']);

global $flash;
Expand All @@ -28,8 +35,6 @@

ps_redirect(BASE_URI . 'templates.php');
}

$templates = look_for_templates();
?>
<div class="row">
<div class="col-12 col-sm-12 col-lg-12">
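Review bot: The allowlist check in the `activate_template` branch calls `in_array()` without the strict flag, so PHP's loose comparison applies: a numeric-looking request value (constructed example: `1e3` against a template location of `1000`) would pass, and the raw request value rather than the allowlisted one is then handed to `save_option()`. I would tighten the guard to `if (!is_string($_GET['activate_template']) || !in_array($_GET['activate_template'], $valid_templates, true)) {` so that only an exact string match is ever stored. The allowlist closes the input side only; wherever `selected_clients_template` is rendered, which is not visible in this diff, the value should still be escaped for its output context. Separately, this remains a state change driven by a GET parameter and no CSRF token check is visible in the shown lines, so unless one exists in the part of the block the hunks skip, a cross-site request can still switch the active template.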
