Commit

Add htmlentities to prevent xss
jaapmarcus committed Sep 9, 2021
1 parent 9e37a51 commit 2edde58
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion web/templates/pages/list_key.html
Expand Up @@ -42,7 +42,7 @@
<a id="delete_link_<?=$i?>" class="data-controls do_delete" title="<?=_('delete');?>">
<i class="fas fa-trash status-icon red status-icon dim do_delete"></i>
<?php if (($_SESSION['userContext'] === 'admin') && (isset($_GET['user'])) && ($_GET['user'] !== 'admin')) { ?>
<input type="hidden" name="delete_url" value="/delete/key/?user=<?=$_GET['user']?>&key=<?=$key?>&token=<?=$_SESSION['token']?>" />
<input type="hidden" name="delete_url" value="/delete/key/?user=<?=htmlentities($_GET['user']);?>&key=<?=$key?>&token=<?=$_SESSION['token']?>" />
<?php } else { ?>
<input type="hidden" name="delete_url" value="/delete/key/?key=<?=$key?>&token=<?=$_SESSION['token']?>" />
<?php } ?>
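
Review bot: on the changed `delete_url` line, `htmlentities($_GET['user'])` escapes for the HTML attribute but not for the URL the value is embedded in. The browser decodes the entities before the URL is used, so a `user` value containing `&` or `#` can still change the query parameters of the delete link. Suggest URL-encoding first and then escaping for the attribute, with the flags spelled out, e.g. `htmlentities(urlencode($_GET['user']), ENT_QUOTES)`. Separately, `$key` is echoed without any escaping in this same attribute and in the `else` branch; if it is not guaranteed to be a safe character set, it should get the same treatment in both places.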