Fix possible XSS.

Lazarus 2024-01-07 14:58:33 +01:00
parent 33839c0fbb
commit bbfd7dc396


@ -12,6 +12,9 @@ $domain = $_SERVER['HTTP_HOST'];
$php_self = $_SERVER['PHP_SELF']; // by default: /htmgem/index.php
$php_self_dir = dirname($php_self);
$url = @$_REQUEST["url"];
$style = htmlspecialchars(@$_REQUEST['style']);
$urlRewriting = @$_REQUEST["rw"]=="1";
/**
@ -82,8 +85,6 @@ $fileContents = @file_get_contents($filePath);
/* CSS and special style management
*/
$style = @$_REQUEST['style'];
if ("source" == $style) {
$basename = basename($filePath);
header("Cache-Control: public");
@ -129,5 +130,4 @@ if (empty($style)) {
if ($urlRewriting)
echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url);
else
echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url, "$php_self?url=");
echo \htmgem\html\getHtmlWithMenu($gt_html, $scheme, $domain, $url, "$php_self?url=");
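Review bot: The escaping applied to `$style` in the first hunk leaves the other client-influenced values untouched: `$url`, `$php_self` (from `$_SERVER['PHP_SELF']`) and `$domain` (from `HTTP_HOST`) are still passed raw to `getHtmlWithMenu()` in the last hunk. Whether that helper encodes them is not visible here, so it should be confirmed; if it does not, encode where the value is written into HTML, e.g. `htmlspecialchars("$php_self?url=", ENT_QUOTES, 'UTF-8')`. Separately, `htmlspecialchars(@$_REQUEST['style'])` receives null when the parameter is absent and an array when it is sent as one, which on recent PHP 8 releases means a deprecation notice and a TypeError respectively. A guard such as `$style = is_string($_REQUEST['style'] ?? null) ? htmlspecialchars($_REQUEST['style'], ENT_QUOTES, 'UTF-8') : '';` avoids both. The script continues outside these hunks, so any other use of these variables should get the same check.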