XSS attack <script>console.warm('pwned')</script>

[marcoscaceres]

Because we were not sanitizing the titles of Github bugs, we left ourselves open to a XSS attack. @marcoscaceres tried to fix this with:

htmlspecialchars($var, ENT_QUOTES, 'UTF-8').

But he is no PHP security expert.

[marcoscaceres]

Need to fix this ASAP

[marcoscaceres]

Ok, I think I fixed it with: htmlspecialchars($var, ENT_QUOTES, 'UTF-8').

However, need security review.

[marcoscaceres]

testing again

[marcoscaceres]

Seems ok now, but would really like a proper review. Maybe @attiks can do it or knows someone? The file in question is: https://github.com/ResponsiveImagesCG/responsiveimages.org/blob/master/issues.php#L86 (print_issues() function)

[attiks]

did you push the latest changes?

[marcoscaceres]

ah, my bad. I did not. I only pushed to the website... pushing now.

[marcoscaceres]

ResponsiveImagesCG/responsiveimages.org@aee6f24

[attiks]

That should do it.