github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 13:54:26 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix some XSS.

Browse source
This commit is contained in:
Sergio 2019-04-21 02:18:24 +02:00
commit 7226a8991f
4 changed files with 9 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

4
web/list/directory/index.php
View file

@ -24,8 +24,8 @@ if (empty($panel)) {
$panel = json_decode(implode('', $output), true);
}
$path_a = !empty($_REQUEST['dir_a']) ? $_REQUEST['dir_a'] : '';
$path_b = !empty($_REQUEST['dir_b']) ? $_REQUEST['dir_b'] : '';
$path_a = !empty($_REQUEST['dir_a']) ? htmlentities($_REQUEST['dir_a']) : '';
$path_b = !empty($_REQUEST['dir_b']) ? htmlentities($_REQUEST['dir_b']) : '';
$GLOBAL_JS = '<script type="text/javascript">GLOBAL.START_DIR_A = "' . $path_a . '";</script>';
$GLOBAL_JS .= '<script type="text/javascript">GLOBAL.START_DIR_B = "' . $path_b . '";</script>';
$GLOBAL_JS .= '<script type="text/javascript">GLOBAL.ROOT_DIR = "' . $panel[$user]['HOME'] . '";</script>';