Skip to content

Commit

Permalink
saveSettings xss
Browse files Browse the repository at this point in the history 
https://www.huntr.dev/bounties/1624827860695-FalconChristmas/fpp/
  • Loading branch information
@ghormann
ghormann committed Jul 2, 2021
1 parent e07b9d0 commit 29301f5
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions www/fppjson.php
View file
Expand Up @@ -153,9 +153,9 @@ function SetPluginSetting()
{
global $args;

$setting = $args['key'];
$value = $args['value'];
$plugin = $args['plugin'];
$setting = htmlspecialchars($args['key']);
$value = htmlspecialchars($args['value']);
$plugin = htmlspecialchars($args['plugin']);

check($setting, "setting", __FUNCTION__);
check($value, "value", __FUNCTION__);
Expand Down Expand Up @@ -659,8 +659,8 @@ function SetSetting()
{
global $args, $SUDO;

$setting = $args['key'];
$value = $args['value'];
$setting = htmlspecialchars($args['key']);
$value = htmlspecialchars($args['value']);

check($setting, "setting", __FUNCTION__);
check($value, "value", __FUNCTION__);
Expand Down

0 comments on commit 29301f5

Please sign in to comment.