Fix xss (#31)
Fix XSS on index through "d" param and "photo" param

Co-authored-by: JoMar <contact@jomar.fr>
Dmitri Popov and JoshuaMart committed Oct 13, 2021
1 parent 23429b1 commit 4e8782e
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions index.php
Expand Up @@ -99,8 +99,8 @@ function read_gps_location($file)
echo ("<h1 style='margin-top: 2em;'><mark>Directory doesn't exist</mark></h1>
<div style='display: flex; justify-content: center; line-height: 1.5;'>
<ul>
<li>Create <u>$photo_dir</u> and <u>" . $photo_dir . "tims</u> directories.</li>
<li>Add photos to the <u>$photo_dir</u> directory.</li>
<li>Create <u>" . htmlentities($photo_dir) . "</u> and <u>" . htmlentities($photo_dir) . "tims</u> directories.</li>
<li>Add photos to the <u>" . htmlentities($photo_dir) . "</u> directory.</li>
<li>Refresh this page.</li>
</ul></div>");
exit;
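Review bot: the htmlentities() calls on the two added `<li>` lines rely on the function's defaults; pass the flags and charset explicitly, e.g. `htmlentities($photo_dir, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, because on PHP versions before 8.1 the default is ENT_COMPAT, which leaves single quotes unencoded, and without ENT_SUBSTITUTE an invalid UTF-8 sequence in the value makes the function return an empty string, silently dropping the directory name from the message. The same expression is repeated three times in this one echo, so encoding it once into a local variable before the echo would keep the treatment consistent. This hunk only encodes the value in the "Directory doesn't exist" branch; the rest of index.php should be checked for other places where $photo_dir is echoed, since they are not shown in this diff.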
Expand Down Expand Up @@ -357,7 +357,7 @@ function show_pagination($current_page, $last_page, $sub_photo_dir)
$info = "<span style='word-spacing:.1em'>" . $photo_info . "</span>";
$Parsedown = new Parsedown();
// Show photo, EXIF data, description, and info
echo '<div class="center"><a href="' . $file . '" download><img style="max-width: 100%; border-radius: 15px;" src="' . $tim . '" alt=""></a><p class="caption">' . $comment . ' ' . $Parsedown->text($description) . '</p><hr style="width: 3em;"><p class="caption">' . $info . '</p>';
echo '<div class="center"><a href="' . htmlentities($file) . '" download><img style="max-width: 100%; border-radius: 15px;" src="' . htmlentities($tim) . '" alt=""></a><p class="caption">' . $comment . ' ' . $Parsedown->text($description) . '</p><hr style="width: 3em;"><p class="caption">' . $info . '</p>';
}

// Show links
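Review bot: on the added echo line, htmlentities() on $file and $tim stops the values from breaking out of the href and src attributes, but these are URL contexts, so HTML encoding alone does not stop a `javascript:` or `data:` value from becoming a clickable link or image source; validate that $file and $tim are relative paths under the photo directory (no scheme, no `..`) before they reach this line. The remaining interpolations on the same line, $comment, $Parsedown->text($description) and $info, are still emitted raw. Parsedown passes raw HTML in its input through unchanged unless `$Parsedown->setSafeMode(true)` is called, so if the description or comment can carry attacker-controlled text (for example from image metadata), the fix on this line is incomplete.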
