Fixed XSS exploit in install script
Added htmlspecialchars() to "step" variable.
paintballrefjosh committed Mar 4, 2017
1 parent 6be7801 commit 4509beb
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion install/index.php
Expand Up @@ -30,9 +30,10 @@ function output_message($type, $text)
<div class="content">
<div class="content-header">
<?php

if(isset($_GET['step']))
{
$step = $_GET['step'];
$step = htmlspecialchars($_GET['step']);
}
else
{
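Review bot: the htmlspecialchars($_GET['step']) call relies on default flags and encodes the value where it is read rather than where it is printed. Before PHP 8.1 the default flag set is ENT_COMPAT, which leaves single quotes unescaped, so a value that later lands inside a single-quoted attribute can still break out of it; passing ENT_QUOTES and 'UTF-8' explicitly removes the dependency on the PHP version. The uses of $step are outside this hunk, so check them: if the parameter only selects an install step, validate it against the set of known steps right after the isset() check (or cast to int if the steps are numeric) and escape at each echo, instead of storing an HTML-encoded string in the variable that later comparisons run against.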

1 comment on commit 4509beb

@paintballrefjosh
Owner

Fixes #15