Escape the guild description before parsing URLs and Minecraft chat c…
…olours, to prevent XSS injections. Credit to @BadPingHere for alerting me to this issue
MaxKorlaar committed Aug 22, 2023
1 parent 8032e95 commit 36c2879
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions app/Http/Controllers/Guild/GuildController.php
@@ -1,6 +1,6 @@
<?php
/*
* Copyright (c) 2020-2022 Max Korlaar
* Copyright (c) 2020-2023 Max Korlaar
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
Expand Down Expand Up @@ -196,7 +196,7 @@ public function getInfo(string $nameOrId) {
'formatted_tag' => ColorUtils::getColorParser()->parse($guild->getTagColor() . $guild->getTag()),
'preferred_games' => $preferredGames,
'most_active_games' => $mostActiveGames,
'description' => ColorUtils::getColorParser()->parse(preg_replace('/([&§]([0-9A-FK-ORa-fk-or]))/iu', ColorUtils::COLOR_CHAR . "\$2", $this->linkify($guild->getDescription())))
'description' => ColorUtils::getColorParser()->parse(preg_replace('/([&§]([0-9A-FK-ORa-fk-or]))/iu', ColorUtils::COLOR_CHAR . "\$2", $this->linkify(e($guild->getDescription()))))
]);
}
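Review bot: Calling e() before the colour-code replacement on the new 'description' line mangles the entities that e() itself produces: a literal `&` in the description becomes `&amp;`, and the pattern `[&§]([0-9A-FK-ORa-fk-or])` then matches the `&a` of `&amp;` (likewise `&l` of `&lt;` for `<`), turning the entity into a colour code and dropping the character. Running the colour-code rewrite on the raw text and escaping its output keeps the escape ahead of linkify() and the colour parser while leaving entities intact, e.g. `$this->linkify(e(preg_replace('/([&§]([0-9A-FK-ORa-fk-or]))/iu', ColorUtils::COLOR_CHAR . "\$2", $guild->getDescription())))` as the argument to parse(). I am assuming linkify() and the parser emit HTML and that ColorUtils::COLOR_CHAR is not a character htmlspecialchars() rewrites; neither is visible in this hunk, so please confirm. A short test with a description containing `&`, `<` and an `&a` colour code would pin the intended output. getInfo() begins outside the hunk.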

