fixes #87, possible XSS in config panel

azett 2023-01-08 13:11:22 +01:00
parent 264217f318
commit 0ee4f2e8a7


@ -124,14 +124,14 @@ class admin_config_default extends AdminPanelActionValidated {
'title' => wp_specialchars(stripslashes($_POST ['title'])), 'title' => wp_specialchars(stripslashes($_POST ['title'])),
'subtitle' => wp_specialchars(stripslashes($_POST ['subtitle'])), 'subtitle' => wp_specialchars(stripslashes($_POST ['subtitle'])),
'footer' => wp_specialchars(stripslashes($_POST ['blogfooter'])), 'footer' => wp_specialchars(stripslashes($_POST ['blogfooter'])),
'author' => $_POST ['author'], 'author' => wp_specialchars($_POST ['author']),
'email' => $_POST ['email'], 'email' => wp_specialchars($_POST ['email']),
'startpage' => ($_POST ['startpage'] == ':NULL:') ? null : $_POST ['startpage'], 'startpage' => ($_POST ['startpage'] == ':NULL:') ? null : $_POST ['startpage'],
'maxentries' => $_POST ['maxentries'], 'maxentries' => $_POST ['maxentries'],
// 'voting' => $_POST['voting'], // 'voting' => $_POST['voting'],
'notify' => isset($_POST ['notify']), 'notify' => isset($_POST ['notify']),
/* preserve the following */ // preserve the following
'theme' => $fp_config ['general'] ['theme'], 'theme' => $fp_config ['general'] ['theme'],
'style' => @$fp_config ['general'] ['style'], 'style' => @$fp_config ['general'] ['style'],
'blogid' => $fp_config ['general'] ['blogid'], 'blogid' => $fp_config ['general'] ['blogid'],
'charset' => 'utf-8' 'charset' => 'utf-8'
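Review bot: `maxentries` and `startpage` in this array are still taken from `$_POST` unchanged on the new side, so the stored-XSS exposure this commit closes for `author` and `email` may persist wherever those two settings are rendered. `maxentries` looks numeric and could be stored as `'maxentries' => (int) $_POST ['maxentries'],`, while `startpage` would presumably be safer validated against the set of values the form can legitimately submit than escaped. The new `author` and `email` lines also skip the `stripslashes()` that `title`, `subtitle` and `footer` get, so if request data arrives slash-escaped these two fields will keep stray backslashes; `wp_specialchars(stripslashes($_POST ['author']))` would match the neighbouring lines. The array and its enclosing method start and end outside the hunk, so how the saved values are later output is not visible here.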