From 19096f70e59374a7a6ac5e547cb82499a4597b4d Mon Sep 17 00:00:00 2001
From: znix <64723880+znixbtw@users.noreply.github.com>
Date: Fri, 14 Jan 2022 19:14:45 +0530
Subject: [PATCH] Fixed XSS

Found By @hitisec
---
 admin/cheat.php   | 20 ++++++++++----------
 admin/invites.php |  8 ++++----
 admin/sub.php     |  8 ++++----
 admin/users.php   | 20 ++++++++++----------
 login.php         |  2 +-
 profile.php       | 12 ++++++------
 register.php      |  2 +-
 7 files changed, 36 insertions(+), 36 deletions(-)

diff --git a/admin/cheat.php b/admin/cheat.php
index 8bbbef1..a9b359e 100644
--- a/admin/cheat.php
+++ b/admin/cheat.php
@@ -16,21 +16,21 @@
 Util::head('Admin Panel');
 Util::navbar();
 
-// if post request 
+// if post request
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
 
 	if (isset($_POST["cheatStatus"])) {
-		$admin->setCheatStatus(); 
+		$admin->setCheatStatus();
 	}
 
 	if (isset($_POST["cheatMaint"])) {
-		$admin->setCheatMaint(); 
+		$admin->setCheatMaint();
 	}
 
 	if (isset($_POST["cheatVersion"])) {
 		$ver = floatval($_POST['version']);
-		$admin->setCheatVersion($ver); 
+		$admin->setCheatVersion($ver);
 	}
 
 	header("location: cheat.php");
@@ -92,29 +92,29 @@
 		<div class="col-12 mt-3">
 			<div class="rounded p-3 mb-3">
 
-				<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
-								
+				<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
+
 					<button name="cheatStatus" type="submit" class="btn btn-outline-primary btn-sm">
 						SET detected+-
 					</button>
-								
+
 					<button name="cheatMaint" type="submit" class="btn btn-outline-primary btn-sm">
 						SET maintenance+-
 					</button>
 
 				</form>
 
-				<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
+				<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
 					<div class="form-row mt-1">
     					<div class="col">
 							<input type="text" class="form-control form-control-sm" placeholder="Version" name="version" required>
 						</div>
-						
+
     					<div class="col">
 							<button class="btn btn-outline-primary btn-sm" name="cheatVersion" type="submit" value="submit">Update</button>
     					</div>
   					</div>
-					
+
 				</form>
 
 			</div>
diff --git a/admin/invites.php b/admin/invites.php
index 7aa6463..037cf59 100644
--- a/admin/invites.php
+++ b/admin/invites.php
@@ -16,12 +16,12 @@
 Util::head('Admin Panel');
 Util::navbar();
 
-// if post request 
+// if post request
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
 
 	if (isset($_POST["genInv"])) {
-		$admin->getInvCodeGen($username); 
+		$admin->getInvCodeGen($username);
 	}
 
 	header("location: invites.php");
@@ -37,8 +37,8 @@
 		<div class="col-12 mt-3">
 			<div class="rounded p-3 mb-3">
 
-				<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
-								
+				<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
+
 					<button name="genInv" type="submit" class="btn btn-outline-primary btn-sm">
 						Gen Inv
 					</button>
diff --git a/admin/sub.php b/admin/sub.php
index 40afa4e..bb21ba3 100644
--- a/admin/sub.php
+++ b/admin/sub.php
@@ -16,12 +16,12 @@
 Util::head('Admin Panel');
 Util::navbar();
 
-// if post request 
+// if post request
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
 
 	if (isset($_POST["genSub"])) {
-		$admin->getSubCodeGen($username); 
+		$admin->getSubCodeGen($username);
 	}
 
 	header("location: sub.php");
@@ -37,8 +37,8 @@
 		<div class="col-12 mt-3">
 			<div class="rounded p-3 mb-3">
 
-				<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
-								
+				<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
+
 					<button name="genSub" type="submit" class="btn btn-outline-primary btn-sm">
 						Gen Subscription code
 					</button>
diff --git a/admin/users.php b/admin/users.php
index bb1ebbe..eec0688 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -16,22 +16,22 @@
 Util::head('Admin Panel');
 Util::navbar();
 
-// if post request 
+// if post request
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
-	if (isset($_POST["resetHWID"])) { 
+	if (isset($_POST["resetHWID"])) {
 		$rowUID = $_POST['resetHWID'];
-		$admin->resetHWID($rowUID); 
+		$admin->resetHWID($rowUID);
 	}
 
-	if (isset($_POST["setBanned"])) { 
+	if (isset($_POST["setBanned"])) {
 		$rowUID = $_POST['setBanned'];
-		$admin->setBanned($rowUID); 
+		$admin->setBanned($rowUID);
 	}
 
-	if (isset($_POST["setAdmin"])) { 
+	if (isset($_POST["setAdmin"])) {
 		$rowUID = $_POST['setAdmin'];
-		$admin->setAdmin($rowUID); 
+		$admin->setAdmin($rowUID);
 	}
 
 	header("location: users.php");
@@ -93,8 +93,8 @@
 							</td>
 
 							<td>
-								<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
-								
+								<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
+
 									<button value="<?php Util::display($row->uid); ?>" name="resetHWID"  title="Reset HWID" data-toggle="tooltip" data-placement="top" class="btn btn-sm text-white" type="submit">
 										<i class="fas fa-microchip"></i>
 									</button>
@@ -124,6 +124,6 @@
 
 <script>
 $(document).ready(function(){
-  $('[data-toggle="tooltip"]').tooltip();   
+  $('[data-toggle="tooltip"]').tooltip();
 });
 </script>
\ No newline at end of file
diff --git a/login.php b/login.php
index 6c5dfef..f188702 100644
--- a/login.php
+++ b/login.php
@@ -33,7 +33,7 @@
 
 					<h4 class="card-title text-center">Login</h4>
 
-					<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
+					<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
 
 						<div class="form-group">
 							<input type="text" class="form-control form-control-sm" placeholder="Username" name="username" required>
diff --git a/profile.php b/profile.php
index 62a62f5..bc110bc 100644
--- a/profile.php
+++ b/profile.php
@@ -53,7 +53,7 @@
 
 					<h4 class="card-title text-center">Update Password</h4>
 
-					<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
+					<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
 
 						<div class="form-group">
 							<input type="password" class="form-control form-control-sm" placeholder="Current Password" name="currentPassword" required>
@@ -94,11 +94,11 @@
 
 									Sub:
 									<p class="float-right mb-0">
-										<?php 
-										if ($sub > 0) { 
-											Util::display($sub . ' days'); 
+										<?php
+										if ($sub > 0) {
+											Util::display($sub . ' days');
 										} else {
-											Util::display('0 days'); 
+											Util::display('0 days');
 										} ?>
 									</p>
 
@@ -116,7 +116,7 @@
 
 								<h4 class="card-title text-center">Activate Sub</h4>
 
-								<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
+								<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
 
 									<div class="form-group">
 										<input type="password" class="form-control form-control-sm" placeholder="Subscription Code" name="subCode" required>
diff --git a/register.php b/register.php
index 94b2465..dd6604a 100644
--- a/register.php
+++ b/register.php
@@ -33,7 +33,7 @@
 
 					<h4 class="card-title text-center">Register</h4>
 
-					<form method="POST" action="<?php echo $_SERVER["PHP_SELF"]; ?>">
+					<form method="POST" action="<?php Util::display($_SERVER['PHP_SELF']); ?>">
 
 						<div class="form-group">
 							<input type="text" class="form-control form-control-sm" placeholder="Username" name="username" minlength="3" required>