Use strip_tags() for error message in ajax_die() (#990)

Roman Kelesidis 2023-10-26 15:07:39 +07:00 committed by GitHub
commit 8765aaaa3a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 4 additions and 4 deletions


@ -27,7 +27,7 @@ switch ($field) {
case 'username': case 'username':
$value = clean_username($value); $value = clean_username($value);
if ($err = \TorrentPier\Validate::username($value)) { if ($err = \TorrentPier\Validate::username($value)) {
$this->ajax_die(strip_tags($err)); $this->ajax_die($err);
} }
$this->response['new_value'] = $this->request['value']; $this->response['new_value'] = $this->request['value'];
break; break;
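Review bot: The `username` case still puts `$this->request['value']` into `new_value` rather than the `$value` that went through `clean_username()` and `Validate::username()`, so the success path returns the raw request value while only the error path is stripped by `ajax_die()`. If the client inserts `new_value` into the page as HTML (not visible from this hunk), that is the same class of problem this commit addresses for `error_msg`. Consider `$this->response['new_value'] = $value;`, or add a comment saying why the unmodified input is echoed back. The enclosing `switch ($field)` starts and ends outside the hunk.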


@ -74,7 +74,7 @@ switch ($this->request['type']) {
case 'reply': case 'reply':
if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) { if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) {
$this->ajax_die(strip_tags($lang['RULES_REPLY_CANNOT'])); $this->ajax_die($lang['RULES_REPLY_CANNOT']);
} elseif (!$is_auth['auth_reply']) { } elseif (!$is_auth['auth_reply']) {
$this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type']))); $this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
} }
@ -217,7 +217,7 @@ switch ($this->request['type']) {
} }
if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) { if (bf($userdata['user_opt'], 'user_opt', 'dis_post')) {
$this->ajax_die(strip_tags($lang['RULES_REPLY_CANNOT'])); $this->ajax_die($lang['RULES_REPLY_CANNOT']);
} elseif (!$is_auth['auth_reply']) { } elseif (!$is_auth['auth_reply']) {
$this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type']))); $this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], strip_tags($is_auth['auth_reply_type'])));
} }
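Review bot: In both hunks of this file the `SORRY_AUTH_REPLY` branch still wraps `$is_auth['auth_reply_type']` in `strip_tags()`, although the whole message is now stripped inside `ajax_die()`, so the inner call is redundant and the two branches of the same `if` read inconsistently. Either drop it, `$this->ajax_die(sprintf($lang['SORRY_AUTH_REPLY'], $is_auth['auth_reply_type']));`, or keep it with a short comment such as `// stripped here as well as in ajax_die() on purpose`. Both `switch` bodies continue outside the hunks.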


@ -145,7 +145,7 @@ class Ajax
public function ajax_die(string $error_msg, int $error_code = E_AJAX_GENERAL_ERROR) public function ajax_die(string $error_msg, int $error_code = E_AJAX_GENERAL_ERROR)
{ {
$this->response['error_code'] = $error_code; $this->response['error_code'] = $error_code;
$this->response['error_msg'] = $error_msg; $this->response['error_msg'] = strip_tags($error_msg);
$this->send(); $this->send();
} }
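Review bot: `strip_tags()` in `ajax_die()` removes markup but is not output encoding: quotes and `&` pass through unchanged, and it can truncate a message that contains a bare `<` (for example `x<y`). How the client renders `error_msg` is not visible here; if it is inserted as HTML, the robust fix is to assign it as text on the client, or to encode for that context with `htmlspecialchars($error_msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The method should also document the new contract, e.g. `/** $error_msg is sent as plain text; any HTML tags in it are removed. */`, because callers that passed markup on purpose now lose it silently. The class body continues outside the hunk.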