fixed XSS vulnerability
parent
538d9a38e2
commit
c307964443
25
wiki.php
25
wiki.php
|
@ -14,17 +14,30 @@ $style = $_GET['style'];
|
||||||
$Parsedown = new Parsedown();
|
$Parsedown = new Parsedown();
|
||||||
$Parsedown->setSafeMode(true);
|
$Parsedown->setSafeMode(true);
|
||||||
|
|
||||||
|
$page = htmlentities($page);
|
||||||
|
$style = htmlentities($style);
|
||||||
|
|
||||||
|
|
||||||
if ( $page == "") {
|
if ( $page == "") {
|
||||||
$page = "main";
|
$page = "main";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!file_exists("$doc_root/articles/$page.md")) {
|
||||||
|
$page = "main";
|
||||||
|
}
|
||||||
|
|
||||||
if ( $style == "") {
|
if ( $style == "") {
|
||||||
if ( $site_style == "") {
|
if ( $site_style == "") {
|
||||||
$site_style="site";
|
$site_style="site";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$site_style=$style;
|
if (file_exists("$doc_root/includes/$style.md")) {
|
||||||
|
$site_style=$style;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$site_style="site";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$header = file_get_contents("$doc_root/includes/header.md");
|
$header = file_get_contents("$doc_root/includes/header.md");
|
||||||
|
|
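Review bot: The new `file_exists("$doc_root/articles/$page.md")` and `file_exists("$doc_root/includes/$style.md")` checks do not confine `$page` and `$style` to those directories, because `htmlentities()` leaves `/` and `..` untouched, so any existing `.md` path outside them still passes. Both values come from the request, so validate them against a strict name pattern before the existence test, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $page)) { $page = "main"; }` (character set adjusted to the article names actually in use), and the same for `$style` with the `"site"` fallback. How the two variables are used after this hunk is not visible here, so confirm whether they reach a file read or an include. Encoding with `htmlentities()` is also better done at the point of output, with `ENT_QUOTES` and an explicit `'UTF-8'`, than on the raw request value, where it alters the string that is later used as a file name.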