From ab909037aa30bc200d467eecb1c189565604ba6a Mon Sep 17 00:00:00 2001
From: Adam Tygart <adam.tygart@gmail.com>
Date: Fri, 28 Feb 2020 10:17:20 -0600
Subject: [PATCH] Fix XSS from OBB-1005024
---
graph_all_periods.php | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/graph_all_periods.php b/graph_all_periods.php
index 4e90ccba..9185d646 100644
--- a/graph_all_periods.php
+++ b/graph_all_periods.php
@@ -10,12 +10,12 @@
$data->assign("refresh", $conf['default_refresh']);
$data->assign("conf", $conf);
$data->assign("embed",
- isset($_REQUEST['embed']) ? $_REQUEST['embed'] : NULL);
+ isset($_REQUEST['embed']) ? sanitize($_REQUEST['embed']) : NULL);
$data->assign("mobile",
- isset($_REQUEST['mobile']) ? $_REQUEST['mobile'] : NULL);
-$data->assign("h", isset($_GET['h']) ? $_GET['h'] : NULL);
-$data->assign("g", isset($_GET['g']) ? $_GET['g'] : NULL);
-$data->assign("m", isset($_GET['m']) ? $_GET['m'] : NULL);
+ isset($_REQUEST['mobile']) ? sanitize($_REQUEST['mobile']) : NULL);
+$data->assign("h", isset($_GET['h']) ? sanitize($_GET['h']) : NULL);
+$data->assign("g", isset($_GET['g']) ? sanitize($_GET['g']) : NULL);
+$data->assign("m", isset($_GET['m']) ? sanitize($_GET['m']) : NULL);
$data->assign("html_g",
isset($_GET['g']) ? htmlspecialchars($_GET['g']) : NULL);
$data->assign("html_m",
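Review bot: `sanitize()` (defined outside this hunk) is now the only defence for `embed`, `mobile`, `h`, `g` and `m`, but nothing in the hunk shows what it guarantees — whether it HTML-encodes, strips tags or allowlists characters — so the fix is only as strong as that helper and as the contexts the template renders these values into (HTML attribute, JavaScript, URL). A comment above the block stating the contract would let the next reader judge that, e.g. `// sanitize() must make these values safe for every template context they reach; html_g/html_m below are the HTML-encoded forms`. The unchanged `html_g` line still calls `htmlspecialchars($_GET['g'])` with default flags, which before PHP 8.1 leave single quotes unencoded; `htmlspecialchars($_GET['g'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is the safer form, and the same applies to `html_m` whose value line lies past the hunk. Note also that `embed` and `mobile` come from `$_REQUEST`, which merges cookie values with GET and POST, so the sanitizing is needed there regardless of which source supplies them.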