Fix stored xss in profile page.

bigprof-software · Jul 10, 2021 · 3cd1e1d · 3cd1e1d
1 parent 1f1e45f
commit 3cd1e1d
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/app/admin/pageServerStatus.php b/app/admin/pageServerStatus.php
@@ -1,6 +1,6 @@
 <?php
 	$appgini_version = '6.0.1145';
-	$generated_ts = '10/7/2021 9:10:58 PM';
+	$generated_ts = '10/7/2021 9:21:28 PM';
 
 	$currDir = dirname(__FILE__);
 	require("{$currDir}/incCommon.php");

diff --git a/app/membership_profile.php b/app/membership_profile.php
@@ -111,7 +111,7 @@
 	include_once("$currDir/header.php"); ?>
 
 	<div class="page-header">
-		<h1><?php echo sprintf($Translation['Hello user'], $mi['username']); ?></h1>
+		<h1><?php echo sprintf($Translation['Hello user'], htmlspecialchars($mi['username'])); ?></h1>
 	</div>
 	<div id="notify" class="alert alert-success" style="display: none;"></div>
 	<div id="loader" style="display: none;"><i class="glyphicon glyphicon-refresh"></i> <?php echo $Translation['Loading ...']; ?></div>
@@ -223,7 +223,7 @@
 				<div class="panel-body">
 					<div class="form-group">
 						<label><?php echo $Translation['group']; ?></label>
-						<div class="form-control-static"><?php echo $mi['group']; ?></div>
+						<div class="form-control-static"><?php echo htmlspecialchars($mi['group']); ?></div>
 					</div>
 				</div>
 			</div>

diff --git a/orpm.axp b/orpm.axp