Using htmlspecialchars instead of htmlentities to prevent XSS

Wruczek
2017-09-25 00:39:02 +02:00
parent a282f78cff
commit bb09f72ee6
2 changed files with 5 additions and 5 deletions


@ -68,14 +68,14 @@ function getBanlist() {
$user = censorIP((string)$ban['ip']);
if (!empty($ban['lastnickname']))
$user = htmlentities((string)$ban['lastnickname']);
$user = htmlspecialchars((string)$ban['lastnickname']);
if (empty($user))
$user = "<i>Unknown</i>";
$reason = htmlentities((string)$ban['reason']);
$invokername = htmlentities((string)$ban['invokername']);
$reason = htmlspecialchars((string)$ban['reason']);
$invokername = htmlspecialchars((string)$ban['invokername']);
$duration = $ban['duration'];
$createdepoch = $ban['created'];
$expiresepoch = $ban['created'] + $duration;