forked from tildeverse/tilde.chat
fix XSS in webchatlink variable (#63)
webchatlink variable comes from the json file and was echoed unencoded

Reviewed-on: tildeverse/tilde.chat#63
Co-authored-by: Alexander <alexlehm@cosmic.voyage>
Co-committed-by: Alexander <alexlehm@cosmic.voyage>
parent a6d3705f42
commit 420fd558c6
|
@ -37,7 +37,7 @@ include __DIR__."/../header.php";
|
|||
<tbody data-link="row" class="rowlink">
|
||||
<?php foreach($stats->channels as $channel): ?>
|
||||
<tr>
|
||||
<td><a href="<?=$channel->webchatlink?>"><?=htmlspecialchars($channel->name)?></a></td>
|
||||
<td><a href="<?=htmlspecialchars($channel->webchatlink)?>"><?=htmlspecialchars($channel->name)?></a></td>
|
||||
<td><?=htmlspecialchars($channel->usercount)?></td>
|
||||
<td style="word-wrap: break-word; white-space: pre-wrap; max-width:700px"><?=htmlspecialchars($channel->topic)?></td>
|
||||
</tr>
|
||||
|
|
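Review bot: on the changed `<a href="...">` line, htmlspecialchars() stops the value from breaking out of the double-quoted href attribute, but it does not constrain the URL scheme, so a webchatlink beginning with `javascript:` would still be emitted as a clickable link. The commit message says the value comes from the json file, so consider also checking that the scheme is http or https before echoing it, for example with `parse_url($channel->webchatlink, PHP_URL_SCHEME)`, and rendering the channel name without a link when it is not.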