From 0ee4f2e8a7b9276880b56858e408cc9c6643cc3b Mon Sep 17 00:00:00 2001
From: azett
Date: Sun, 8 Jan 2023 13:11:22 +0100
Subject: [PATCH] fixes #87, possible XSS in config panel

---
 admin/panels/config/admin.config.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/admin/panels/config/admin.config.php b/admin/panels/config/admin.config.php
index ab0abbf..4f90d9c 100755
--- a/admin/panels/config/admin.config.php
+++ b/admin/panels/config/admin.config.php
@@ -124,14 +124,14 @@ class admin_config_default extends AdminPanelActionValidated {
 'title' => wp_specialchars(stripslashes($_POST ['title'])),
 'subtitle' => wp_specialchars(stripslashes($_POST ['subtitle'])),
 'footer' => wp_specialchars(stripslashes($_POST ['blogfooter'])),
- 'author' => $_POST ['author'],
- 'email' => $_POST ['email'],
+ 'author' => wp_specialchars($_POST ['author']),
+ 'email' => wp_specialchars($_POST ['email']),
 'startpage' => ($_POST ['startpage'] == ':NULL:') ? null : $_POST ['startpage'],
 'maxentries' => $_POST ['maxentries'],
 // 'voting' => $_POST['voting'],
 'notify' => isset($_POST ['notify']),
- /* preserve the following */
- 'theme' => $fp_config ['general'] ['theme'],
+ // preserve the following
+ 'theme' => $fp_config ['general'] ['theme'],
 'style' => @$fp_config ['general'] ['style'],
 'blogid' => $fp_config ['general'] ['blogid'],
 'charset' => 'utf-8'
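Review bot: The hunk still stores `$_POST ['startpage']` and `$_POST ['maxentries']` unescaped on the two context lines directly after the fixed `email` entry, so the same class of issue the commit addresses for `author` and `email` remains for those keys; `'maxentries' => (int) $_POST ['maxentries'],` would at least force the numeric one, and `startpage` could go through the same `wp_specialchars()` call unless it is validated elsewhere. The new `author`/`email` lines also differ from the `title`/`subtitle`/`footer` lines immediately above by omitting `stripslashes()`, which reads as an inconsistency rather than an intent — if the input arrives slash-escaped, the stored value keeps the backslashes. For `email`, a format check such as `filter_var($_POST ['email'], FILTER_VALIDATE_EMAIL)` would be a stronger guard than output escaping alone. Escaping at storage time also presumes the value is not escaped a second time when rendered, which cannot be confirmed from this hunk. The enclosing method of `admin_config_default` starts and ends outside the hunk.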