Fix stored XSS security issue: decode HTML entities from URL
francoisjacquet committed Jun 8, 2022
1 parent dfa51d8 commit 6e213b1
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGES.md
@@ -1,6 +1,10 @@
# CHANGES
## RosarioSIS Student Information System

Changes in 9.0.1
----------------
- Fix stored XSS security issue: decode HTML entities from URL in PreparePHP_SELF.fnc.php, thanks to @domiee13

Changes in 9.0
--------------
- CSS add length to previous meals select in DailyMenus.php
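
Review bot: The 9.0.1 entry reads "decode HTML entities from URL", but the existing code comment in PreparePHP_SELF.fnc.php shows that decoding was already in place; what this commit changes is the flags passed to `html_entity_decode()`. Suggest wording the entry around that, for example "decode quotes and HTML5 entities from URL", so administrators still on 9.0 can tell what was actually fixed.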
2 changes: 1 addition & 1 deletion functions/PreparePHP_SELF.fnc.php
Expand Up @@ -191,7 +191,7 @@ function( $match ) {
);

// Fix stored XSS security issue: decode HTML entities from URL.
$string = html_entity_decode( (string) $string );
$string = html_entity_decode( (string) $string, ENT_QUOTES | ENT_HTML5 );

$remove = [
// Fix stored XSS security issue: remove inline JS from URL.
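
Review bot: The changed `html_entity_decode()` call runs a single pass before the `$remove` list is applied, so a value whose entities were encoded twice is only decoded one level when it reaches that filter. Consider decoding until the string stops changing, or add a comment stating why one pass is sufficient here. The comment above the call is unchanged and does not say why `ENT_QUOTES | ENT_HTML5` is needed; a short note on which entities the previous call left encoded, plus a regression test for this function, would keep the flags from being dropped in a later cleanup.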