Commit f69bd79

Fixed a potential XSS vulnerability.
User input wasn't being sanitized before output. Thanks HTB Security Research Lab for notifying us.
1 parent 87abb19 commit f69bd79

1 file changed: +1 -1 lines changed

Diff for: includes/ajax.php

@@ -87,7 +87,7 @@
8787
$_POST['feather']);
8888

8989
echo "<h2 class=\"preview-header\">".__("Preview")."</h2>\n".
90-
"<div class=\"preview-content\">".$_POST['content']."</div>";
90+
"<div class=\"preview-content\">".fix($_POST['content'])."</div>";
9191
break;
9292

9393
case "check_confirm":
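
Review bot: on the changed line 90, fix() now wraps $_POST['content'], but its definition is not part of this diff, so a reader cannot confirm from here that it HTML-escapes for an element-body context (at minimum <, >, & and both quote characters). Please document what fix() guarantees next to this call, or state it in the commit message; if it is not a plain output encoder, an explicit htmlspecialchars() call with ENT_QUOTES and the page charset would make the intent unambiguous. The context line at 87 still passes $_POST['feather'] unmodified into the preceding call; if that value can reach output or select code to load, it should be validated in the same pass. A regression test that posts markup to this preview action and asserts it comes back encoded would keep the fix from silently regressing.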
