mirror/php-cimage
1
0
Fork 0
mirror of https://github.com/mosbth/cimage.git synced 2025-07-31 21:40:12 +02:00
Code Issues Releases Wiki Activity

Add htmlentities to escape input, fix #183

Browse Source
This commit is contained in:
Mikael Roos
2021-09-13 08:17:47 +02:00
parent 4ecebcd5b4
commit 3cfa9a6a98
1 changed files with 15 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
webroot/compare/compare.php
View File

@@ -3,6 +3,12 @@
<head> <head>
<style> <style>
<?php
function e($str) {
return htmlspecialchars($str, ENT_QUOTES, 'UTF-8');
}
?>
body { body {
} }
@@ -128,15 +134,15 @@ if (isset($_GET['input1'])) {
// Use incoming from querystring as defaults // Use incoming from querystring as defaults
?> ?>
CImage.compare({ CImage.compare({
"input1": "<?=$_GET['input1']?>", "input1": "<?=e($_GET['input1'])?>",
"input2": "<?=$_GET['input2']?>", "input2": "<?=e($_GET['input2'])?>",
"input3": "<?=$_GET['input3']?>", "input3": "<?=e($_GET['input3'])?>",
"input4": "<?=$_GET['input4']?>", "input4": "<?=e($_GET['input4'])?>",
"input5": "<?=$_GET['input5']?>", "input5": "<?=e($_GET['input5'])?>",
"input6": "<?=$_GET['input6']?>", "input6": "<?=e($_GET['input6'])?>",
"json": <?=$_GET['json']?>, "json": <?=e($_GET['json'])?>,
"stack": <?=$_GET['stack']?>, "stack": <?=e($_GET['stack'])?>,
"bg": <?=$_GET['bg']?> "bg": <?=e($_GET['bg'])?>
}); });
<?php <?php
} elseif (isset($script)) { } elseif (isset($script)) {