fixed XSS vulnerability
parent
538d9a38e2
commit
c307964443
25
wiki.php
25
wiki.php
|
@ -14,17 +14,30 @@ $style = $_GET['style'];
|
|||
$Parsedown = new Parsedown();
|
||||
$Parsedown->setSafeMode(true);
|
||||
|
||||
$page = htmlentities($page);
|
||||
$style = htmlentities($style);
|
||||
|
||||
|
||||
if ( $page == "") {
|
||||
$page = "main";
|
||||
}
|
||||
$page = "main";
|
||||
}
|
||||
|
||||
if (!file_exists("$doc_root/articles/$page.md")) {
|
||||
$page = "main";
|
||||
}
|
||||
|
||||
if ( $style == "") {
|
||||
if ( $site_style == "") {
|
||||
$site_style="site";
|
||||
}
|
||||
if ( $site_style == "") {
|
||||
$site_style="site";
|
||||
}
|
||||
}
|
||||
else {
|
||||
$site_style=$style;
|
||||
if (file_exists("$doc_root/includes/$style.md")) {
|
||||
$site_style=$style;
|
||||
}
|
||||
else {
|
||||
$site_style="site";
|
||||
}
|
||||
}
|
||||
|
||||
$header = file_get_contents("$doc_root/includes/header.md");
|
||||
|
|
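Review bot: The `file_exists("$doc_root/articles/$page.md")` and `file_exists("$doc_root/includes/$style.md")` checks build filesystem paths from values that have only been passed through `htmlentities()`, which leaves `.` and `/` untouched, so a value containing `../` can still select a `.md` file outside those directories. `$style` comes from `$_GET['style']` (visible in the hunk header) and `$page` presumably from the request as well, so validate both against an allowlist before the path is built, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $page)) { $page = "main"; }` and the same test on `$style` with a fallback to `"site"`. HTML encoding belongs where the value is written into the page; if `$site_style` or `$page` is echoed later (not visible in this hunk), encode there with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` instead of relying on the input-time call, whose default quote handling differs between PHP versions. The rendered page has lost its +/- markers, so which of the duplicated lines are new is inferred from the commit title.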