diff --git a/CHANGELOG.md b/CHANGELOG.md
index 868fbc7..a1411a9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,9 +2,13 @@
All notable changes to this project will be documented in this file.
+## [5.2.8](https://github.com/spipu/html2pdf/compare/v5.2.7...v5.2.8) - 2023-07-18
+
+ * fix XSS vulnerabilities in examples `example9.php` and `forms.php` - thanks to Michał Majchrowicz, Livio Victoriano and Zbigniew Piotrak from [AFINE Team](https://www.afine.pl/)
+
## [5.2.7](https://github.com/spipu/html2pdf/compare/v5.2.6...v5.2.7) - 2023-02-02
-* fix phunit compatibility
+ * fix phunit compatibility
## [5.2.6](https://github.com/spipu/html2pdf/compare/v5.2.5...v5.2.6) - 2023-01-28
diff --git a/examples/example09.php b/examples/example09.php
index baf6bd1..ceda1bf 100644
--- a/examples/example09.php
+++ b/examples/example09.php
@@ -15,23 +15,18 @@
use Spipu\Html2Pdf\Exception\Html2PdfException;
use Spipu\Html2Pdf\Exception\ExceptionFormatter;
-if (isset($_SERVER['REQUEST_URI'])) {
- $generate = isset($_GET['make_pdf']);
- $nom = isset($_GET['nom']) ? $_GET['nom'] : 'inconnu';
- $url = dirname($_SERVER['REQUEST_URI']);
- if (substr($url, 0, 7)!=='http://') {
- $url = 'http://'.$_SERVER['HTTP_HOST'].$url;
- }
-} else {
+$name = 'spipu';
+$generate = false;
+
+if (isset($_GET['nom'])) {
+ $generate = true;
+ $name = $_GET['nom'];
+ $name = preg_replace('/[^a-zA-Z0-9]/isU', '', $name);
+ $name = substr($name, 0, 26);
+} else if (!isset($_SERVER['REQUEST_URI'])) {
$generate = true;
- $nom = 'spipu';
- $url = 'http://localhost/html2pdf/examples/';
}
-$nom = substr(preg_replace('/[^a-zA-Z0-9]/isU', '', $nom), 0, 26);
-$url.= '/res/example09.png.php?px=5&py=20';
-
-
if ($generate) {
ob_start();
} else {
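Review bot: The new `isset($_GET['nom'])` branch assumes the parameter is a string, but PHP also delivers query parameters as arrays. In that case `preg_replace` returns an array and the following `substr($name, 0, 26)` raises a TypeError on PHP 8 (a warning and a null name on PHP 7), which can surface an error page with file paths when `display_errors` is on. Tightening the guard to `if (isset($_GET['nom']) && is_string($_GET['nom'])) {` keeps the default `$name = 'spipu'` for any other input. The allowlist regex is what makes `$name` safe if it is echoed into the page further down (not visible in this hunk), so it is worth a short comment saying so; the `isU` modifiers have no effect on this character class and could be dropped, `'/[^a-zA-Z0-9]/'`. The `if ($generate)` block continues outside the hunk.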
@@ -49,13 +44,13 @@
Ceci est un exemple de génération de PDF via un bouton :)
-
+
-Bonjour , ton nom peut s'écrire :
-