Apply htmlentities in a couple of places to prevent xss

Co-authored-by: wtwver <wtwver@users.noreply.github.com> Signed-off-by: Adam Warner <me@adamwarner.co.uk>
pi-hole · Sep 11, 2021 · 25df783 · 25df783
1 parent c5cfb29
commit 25df783
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/scripts/pi-hole/php/func.php b/scripts/pi-hole/php/func.php
@@ -472,6 +472,7 @@ function returnSuccess($message = "", $json = true)
 
 function returnError($message = "", $json = true)
 {
+    $message = htmlentities($message) ;
     if ($json) {
         return [ "success" => false, "message" => $message ];
     } else {

diff --git a/settings.php b/settings.php
@@ -41,7 +41,7 @@
         <button type="button" class="close" data-hide="alert" aria-label="Close"><span aria-hidden="true">&times;</span>
         </button>
         <h4><i class="icon fa fa-exclamation-triangle"></i> Debug</h4>
-        <pre><?php print_r($_POST); ?></pre>
+        <pre><?php print_r(htmlentities($_POST)); ?></pre>
     </div>
 <?php } ?>