Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fixed possible admin XSS attack vector
  • Loading branch information
thorsten committed Oct 10, 2017
1 parent 8676181 commit 2d2a85b
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 3 deletions.
3 changes: 2 additions & 1 deletion phpmyfaq/admin/configuration.php
Expand Up @@ -50,7 +50,8 @@
'main.contactInformations',
'main.customPdfHeader',
'main.customPdfFooter',
'main.titleFAQ'
'main.titleFAQ',
'main.metaKeywords'
];

// Special checks
Expand Down
4 changes: 2 additions & 2 deletions phpmyfaq/index.php
Expand Up @@ -484,8 +484,8 @@
'version' => $faqConfig->get('main.currentVersion'),
'header' => PMF_String::htmlspecialchars(str_replace('"', '', $faqConfig->get('main.titleFAQ'))),
'metaTitle' => PMF_String::htmlspecialchars(str_replace('"', '', $faqConfig->get('main.titleFAQ').$title)),
'metaDescription' => $metaDescription,
'metaKeywords' => $keywords,
'metaDescription' => PMF_String::htmlspecialchars($metaDescription),
'metaKeywords' => PMF_String::htmlspecialchars($keywords),
'metaPublisher' => $faqConfig->get('main.metaPublisher'),
'metaLanguage' => $PMF_LANG['metaLanguage'],
'metaCharset' => 'utf-8', // backwards compability
Expand Down

0 comments on commit 2d2a85b

Please sign in to comment.