Merge pull request #1876 from pi-hole/tweak/xssprevention

Apply htmlentities in a couple of places to prevent xss
pi-hole · Sep 11, 2021 · f526716 · f526716
2 parents c5cfb29 + 25df783
commit f526716
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/scripts/pi-hole/php/func.php b/scripts/pi-hole/php/func.php
@@ -472,6 +472,7 @@ function returnSuccess($message = "", $json = true)
 
 function returnError($message = "", $json = true)
 {
+    $message = htmlentities($message) ;
     if ($json) {
         return [ "success" => false, "message" => $message ];
     } else {

diff --git a/settings.php b/settings.php
@@ -41,7 +41,7 @@
         <button type="button" class="close" data-hide="alert" aria-label="Close"><span aria-hidden="true">&times;</span>
         </button>
         <h4><i class="icon fa fa-exclamation-triangle"></i> Debug</h4>
-        <pre><?php print_r($_POST); ?></pre>
+        <pre><?php print_r(htmlentities($_POST)); ?></pre>
     </div>
 <?php } ?>