fix XSS in webchatlink variable (#63)
continuous-integration/drone/push Build is passing Details

webchatlink variable comes from the json file and was echoed unencoded

Reviewed-on: #63
Co-authored-by: Alexander <alexlehm@cosmic.voyage>
Co-committed-by: Alexander <alexlehm@cosmic.voyage>
This commit is contained in:
Alexander 2023-05-16 18:03:45 +00:00 committed by Ben Harris
parent a6d3705f42
commit 420fd558c6
1 changed files with 1 additions and 1 deletions

View File

@ -37,7 +37,7 @@ include __DIR__."/../header.php";
<tbody data-link="row" class="rowlink">
<?php foreach($stats->channels as $channel): ?>
<tr>
<td><a href="<?=$channel->webchatlink?>"><?=htmlspecialchars($channel->name)?></a></td>
<td><a href="<?=htmlspecialchars($channel->webchatlink)?>"><?=htmlspecialchars($channel->name)?></a></td>
<td><?=htmlspecialchars($channel->usercount)?></td>
<td style="word-wrap: break-word; white-space: pre-wrap; max-width:700px"><?=htmlspecialchars($channel->topic)?></td>
</tr>