improv. fix xss with navbar
nivcoo committed Mar 8, 2022
1 parent e6640b6 commit 06ce52c
Showing 2 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions app/View/Navbar/admin_add.ctp
Expand Up @@ -224,9 +224,9 @@
url = {};
for (var key in test = names) {
var l = test[key].split('=');
l = l[1];
l = decodeURIComponent(l[1]);
var p = urls[key].split('=');
p = p[1];
p = decodeURIComponent(p[1]);
url[l] = p;
}
}
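Review bot: `decodeURIComponent(l[1])` and `decodeURIComponent(p[1])` in this loop throw a URIError on a malformed percent sequence and yield the string "undefined" when an entry has no `=`, so one bad entry either aborts the loop or stores a bogus key in `url`. The +/- markers are lost on this page, so this assumes the decodeURIComponent lines are the new side; the same loop appears in app/View/Navbar/admin_edit.ctp at @@ -238,9 and the point applies there too. Decoding in the browser does not by itself prevent XSS: the server still has to validate the submitted name and URL and escape them wherever they are printed. A guarded form such as `l = l.length > 1 ? decodeURIComponent(l[1]) : '';`, wrapped in a try/catch that rejects the entry, would cover it. The enclosing function starts and ends outside the hunk.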
8 changes: 4 additions & 4 deletions app/View/Navbar/admin_edit.ctp
Expand Up @@ -96,12 +96,12 @@
<div class="form-group">
<label><?= $Lang->get('NAVBAR__LINK_NAME') ?></label>
<input type="text" class="form-control name_of_nav"
value="<?= urldecode($name) ?>" name="name_of_nav">
value="<?= $name ?>" name="name_of_nav">
</div>
<div class="form-group">
<label><?= $Lang->get('URL') ?></label>
<input type="text" class="form-control url_of_nav"
value="<?= urldecode($url) ?>"
value="<?= $url ?>"
placeholder="<?= $Lang->get('NAVBAR__CUSTOM_URL') ?>" name="url">
</div>
<a href="#"
Expand Down Expand Up @@ -238,9 +238,9 @@
url = {};
for (var key in test = names) {
var l = test[key].split('=');
l = l[1];
l = decodeURIComponent(l[1]);
var p = urls[key].split('=');
p = p[1];
p = decodeURIComponent(p[1]);
url[l] = p;
}
}
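Review bot: `value="<?= $name ?>"` and `value="<?= $url ?>"` in the @@ -96,12 hunk print the stored value into a double-quoted attribute with no HTML escaping visible in this section, so a name or URL containing `"` would close the attribute unless the value is escaped before it reaches the view. The +/- markers are lost on this page, but whichever printed variant is the new side, neither `urldecode($name)` nor `$name` is escaped. Escaping at the output point, `value="<?= h($name) ?>"` and `value="<?= h($url) ?>"` (or `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`), keeps the protection in the template and independent of how the value was stored. If the URL is later rendered as a link target, which this page does not show, restricting it on save to http/https or a relative path would be worth confirming as well.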
