Fixed a potential XSS vulnerability.
User input wasn't being sanitized before output. Thanks HTB Security Research Lab for notifying us.
xhezairbey committed Feb 1, 2012
1 parent 87abb19 commit f69bd79
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion includes/ajax.php
@@ -87,7 +87,7 @@
$_POST['feather']);

echo "<h2 class=\"preview-header\">".__("Preview")."</h2>\n".
"<div class=\"preview-content\">".$_POST['content']."</div>";
"<div class=\"preview-content\">".fix($_POST['content'])."</div>";
break;

case "check_confirm":
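Review bot: `fix()` is applied to `$_POST['content']` on the added line, but its definition is not part of this diff, so the review cannot confirm it HTML-encodes for the output context (the equivalent of `htmlspecialchars($s, ENT_QUOTES, 'UTF-8')`) rather than, for example, stripping a blocklist of tags, which would leave attribute and event-handler injection open; please reference the definition in the commit message or add a short comment at the call site stating that it escapes for HTML output. The context line `$_POST['feather']);` just above shows a second POST field entering the same handler, and its handling lies outside this hunk; since the commit message says user input generally was not sanitized before output, it is worth confirming that field is validated or escaped in the same pass.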
