SECURITY fix difftype handling. #3761

dokuwiki · Sep 3, 2022 · 63e9a24 · 63e9a24
1 parent ec745ed
commit 63e9a24
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/inc/Ui/PageDiff.php b/inc/Ui/PageDiff.php
@@ -105,13 +105,14 @@ protected function handle()
         }
 
         // requested diff view type
+        $mode = '';
         if ($INPUT->has('difftype')) {
-            $this->preference['difftype'] = $INPUT->str('difftype');
+            $mode = $INPUT->str('difftype');
         } else {
             // read preference from DokuWiki cookie. PageDiff only
             $mode = get_doku_pref('difftype', null);
-            if (isset($mode)) $this->preference['difftype'] = $mode;
         }
+        if(in_array($mode, ['inline','sidebyside'])) $this->preference['difftype'] = $mode;
 
         if (!$INPUT->has('rev') && !$INPUT->has('rev2')) {
             global $INFO, $REV;
@@ -222,7 +223,7 @@ public function show()
 
         // display diff view table
         echo '<div class="table">';
-        echo '<table class="diff diff_'.$this->preference['difftype'] .'">';
+        echo '<table class="diff diff_'.hsc($this->preference['difftype']) .'">';
 
         //navigation and header
         switch ($this->preference['difftype']) {