From 5aea5f912f6e6d19dedb1fdfc25a29a2e1fc1694 Mon Sep 17 00:00:00 2001
From: noobpk <ltp.noobpk@gmail.com>
Date: Tue, 8 Feb 2022 20:48:42 +0700
Subject: [PATCH] applying htmlspecialchars for sanitization output Fix issue
 XSS Disclosure :
 https://huntr.dev/bounties/5f41b182-dda2-4c6f-9668-2a9afaed53af/

---
 lib/tpl/main.php        | 4 ++--
 lib/tpl/serversList.php | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/lib/tpl/main.php b/lib/tpl/main.php
index 01b8a75..e40c136 100644
--- a/lib/tpl/main.php
+++ b/lib/tpl/main.php
@@ -65,7 +65,7 @@
                                     <ul class="dropdown-menu">
                                         <li><a href="./?">All servers</a></li>
                                         <?php foreach (array_diff($servers, array($server)) as $key => $serverItem): ?>
-                                            <li><a href="./?server=<?php echo $serverItem ?>"><?php echo empty($key) || is_numeric($key) ? $serverItem : $key ?></a></li>
+                                            <li><a href="./?server=<?php echo htmlspecialchars($serverItem) ?>"><?php echo empty($key) || is_numeric($key) ? htmlspecialchars($serverItem) : $key ?></a></li>
                                         <?php endforeach ?>
                                     </ul>
                                 </li>
@@ -77,7 +77,7 @@
                                     </a>
                                     <ul class="dropdown-menu">
                                         <?php foreach ($servers as $key => $serverItem): ?>
-                                            <li><a href="./?server=<?php echo $serverItem ?>"><?php echo empty($key) || is_numeric($key) ? $serverItem : $key ?></a></li>
+                                            <li><a href="./?server=<?php echo htmlspecialchars($serverItem) ?>"><?php echo empty($key) || is_numeric($key) ? htmlspecialchars($serverItem) : $key ?></a></li>
                                         <?php endforeach ?>
                                     </ul>
                                 </li>
diff --git a/lib/tpl/serversList.php b/lib/tpl/serversList.php
index 6e05d37..46c5833 100644
--- a/lib/tpl/serversList.php
+++ b/lib/tpl/serversList.php
@@ -44,9 +44,9 @@
                         ?>
                         <tr>
                             <?php if (empty($stats)): ?>
-                                <td style="white-space: nowrap;"><?php echo $label ?></td>
+                                <td style="white-space: nowrap;"><?php echo htmlspecialchars($label) ?></td>
                             <?php else: ?>
-                                <td  style="white-space: nowrap;"><a href="./?server=<?php echo $server ?>"><?php echo $label; ?></a></td>
+                                <td  style="white-space: nowrap;"><a href="./?server=<?php echo htmlspecialchars($server) ?>"><?php echo htmlspecialchars($label); ?></a></td>
                             <?php endif ?>
                             <?php foreach ($stats as $key => $item): ?>
                                 <?php
@@ -69,7 +69,7 @@
                                 <td colspan="<?php echo count($visible) ?>" class="row-full">&nbsp;</td>
                             <?php endif ?>
                             <td><?php if (array_intersect(array($server), $cookieServers)): ?>
-                                    <a class="btn btn-xs btn-danger" title="Remove from list" href="./?action=serversRemove&removeServer=<?php echo $server ?>"><span
+                                    <a class="btn btn-xs btn-danger" title="Remove from list" href="./?action=serversRemove&removeServer=<?php echo htmlspecialchars($server) ?>"><span
                                             class="glyphicon glyphicon-minus"></span></a>
                                     <?php endif; ?>
                             </td>