Escape HTML characters for peer_id once to avoid load (#1002)

Cønstantine Kovalensky 2023-10-27 13:01:43 +04:00 committed by GitHub
commit 9dc9453ba7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 2 deletions


@ -70,7 +70,7 @@ if (!isset($info_hash)) {
$info_hash_hex = bin2hex($info_hash);
// Store peer id
$peer_id_sql = rtrim(DB()->escape(substr($peer_id, 0, 10)), ' ');
$peer_id_sql = rtrim(DB()->escape(htmlspecialchars($peer_id, ENT_QUOTES, 'UTF-8', false)), ' ');
// Check info_hash version
if (strlen($info_hash) === 32) {
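Review bot: The `htmlspecialchars($peer_id, ENT_QUOTES, 'UTF-8', false)` call (taking the second of the two printed `$peer_id_sql` lines as the new side) returns an empty string when `$peer_id` is not valid UTF-8, because neither `ENT_SUBSTITUTE` nor `ENT_IGNORE` is set. Peer ids are client-supplied bytes, so such peers would be stored with a blank id; passing `ENT_QUOTES | ENT_SUBSTITUTE` avoids that. The line also drops the earlier `substr($peer_id, 0, 10)` bound while entity encoding can lengthen the value, so the result may exceed the column width (not visible here) and be cut mid-entity. If the 10-byte limit is still wanted, bound before encoding: `htmlspecialchars(substr($peer_id, 0, 10), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)`. A comment such as `// Stored HTML-escaped; do not escape again on output` would record the new invariant for later readers.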


@ -1223,7 +1223,7 @@ function get_user_torrent_client(string $peer_id): mixed
];
$bestMatchLength = 0;
$peer_id = htmlCHR($peer_id);
foreach ($clients as $key => $clientName) {
if (str_starts_with($peer_id, $key) !== false && strlen($key) > $bestMatchLength) {
$bestMatch = $clientName;
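Review bot: If `$peer_id = htmlCHR($peer_id);` is the line this commit removes (the page does not mark sides), get_user_torrent_client no longer escapes its argument and depends on every caller passing an already-escaped value. Rows written before this change hold the unescaped id, so any path that prints `$peer_id` or a value derived from it would emit those legacy values raw; either migrate the existing rows or keep escaping at the point of output. The docblock should state the precondition, e.g. `@param string $peer_id Peer id, already HTML-escaped by the caller`. Separately, `str_starts_with()` already returns bool, so the `!== false` in the loop condition is redundant. The function body starts and ends outside this hunk.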