M_Viper/ts-website
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

v 1.4.5 - Security update!

Browse Source 
- Fixed XSS vulnerabilities - closes #57
- Added dev mode to cache class, allowing you to disable caching for development and debugging
- Translated few hardcoded strings

All ts-website users are advised to update their installation
This commit is contained in:
Wruczek
2017-09-24 22:38:32 +02:00
parent a325fc57c7
commit 2839e64e23
5 changed files with 19 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
bans.php
View File

@ -44,7 +44,7 @@ $banlist = $cacheutils->getValue();
</div>
<div class="panel-footer">
<?php tl($lang["banlist"]["lastupdate"], [$banlist[1]]); ?><!-- <span style="float: right">Podgląd odświeża się co 60 sekund</span> -->
<?php tl($lang["banlist"]["lastupdate"], [$banlist[1]]); ?><!-- <span style="float: right">Data is refreshed every X seconds</span> -->
</div>
</div>
@ -68,14 +68,14 @@ function getBanlist() {
$user = censorIP((string)$ban['ip']);
if (!empty($ban['lastnickname']))
$user = (string)$ban['lastnickname'];
$user = htmlentities((string)$ban['lastnickname']);
if (empty($user))
$user = "<i>Unknown</i>";
$reason = $ban['reason'];
$invokername = (string)$ban['invokername'];
$reason = htmlentities((string)$ban['reason']);
$invokername = htmlentities((string)$ban['invokername']);
$duration = $ban['duration'];
$createdepoch = $ban['created'];
$expiresepoch = $ban['created'] + $duration;