mirror of https://github.com/mosbth/cimage.git synced 2025-07-25 02:31:20 +02:00

Add htmlentities to escape input, fix #183

Mikael Roos
2021-09-13 08:17:47 +02:00
parent 4ecebcd5b4
commit 3cfa9a6a98


@@ -3,6 +3,12 @@
<head>
<style>
<?php
function e($str) {
return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}
?>
body {
}
@@ -128,15 +134,15 @@ if (isset($_GET['input1'])) {
// Use incoming from querystring as defaults
?>
CImage.compare({
"input1": "<?=$_GET['input1']?>",
"input2": "<?=$_GET['input2']?>",
"input3": "<?=$_GET['input3']?>",
"input4": "<?=$_GET['input4']?>",
"input5": "<?=$_GET['input5']?>",
"input6": "<?=$_GET['input6']?>",
"json": <?=$_GET['json']?>,
"stack": <?=$_GET['stack']?>,
"bg": <?=$_GET['bg']?>
"input1": "<?=e($_GET['input1'])?>",
"input2": "<?=e($_GET['input2'])?>",
"input3": "<?=e($_GET['input3'])?>",
"input4": "<?=e($_GET['input4'])?>",
"input5": "<?=e($_GET['input5'])?>",
"input6": "<?=e($_GET['input6'])?>",
"json": <?=e($_GET['json'])?>,
"stack": <?=e($_GET['stack'])?>,
"bg": <?=e($_GET['bg'])?>
});
<?php
} elseif (isset($script)) {
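Review bot: `htmlspecialchars()` is the wrong encoder for the sink in the second hunk, because the values are written into a JavaScript object literal (`CImage.compare({...})`, presumably inside a `<script>` element), and the unquoted `json`, `stack` and `bg` fields stay injectable since an expression placed there needs no quotes or angle brackets. In the quoted `input1` to `input6` fields a backslash still passes through unescaped, and entities are not decoded in script context, so a legitimate URL containing `&` reaches the script altered. Encode for the JavaScript context with `json_encode()` and the `JSON_HEX_*` flags, and reduce the three unquoted fields to real booleans before printing them, assuming they are meant to be boolean flags. Only `input1` is covered by the visible `isset()` check, so the other keys need a default as well; the enclosing `if` block starts and ends outside the hunk.

```php
function jsParam($key, $asBool = false) {
    $value = isset($_GET[$key]) ? $_GET[$key] : '';
    if ($asBool) {
        $value = filter_var($value, FILTER_VALIDATE_BOOLEAN);
    }
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}
// … unchanged: markup between the helper and the compare call …
CImage.compare({
    "input1": <?=jsParam('input1')?>,
    "input2": <?=jsParam('input2')?>,
    "input3": <?=jsParam('input3')?>,
    "input4": <?=jsParam('input4')?>,
    "input5": <?=jsParam('input5')?>,
    "input6": <?=jsParam('input6')?>,
    "json": <?=jsParam('json', true)?>,
    "stack": <?=jsParam('stack', true)?>,
    "bg": <?=jsParam('bg', true)?>
});
```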