
Commit 30656ba

authored
Merge pull request #14 from fiammybe/fix-print-xss
Sanitize topic print
2 parents 2c5ddfb + f3fdd2f commit 30656ba

1 file changed

Lines changed: 9 additions & 3 deletions


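--- a/print.php
+++ b/print.php
@@ -95,8 +95,14 @@
 }
 else
 {
-$post_data = unserialize(base64_decode($_POST["post_data"]));
+$post_data = unserialize(base64_decode($_POST["post_data"]));
+if (is_array($post_data)) {
+foreach ($post_data as $k => $v) {
+$post_data[$k] = $myTs->codeSanitizer($v);
+}
+}
 $isPost = 1;
+
 }
 
 header('Content-Type: text/html; charset='._CHARSET);
@@ -111,7 +117,7 @@
 echo "<meta name='AUTHOR' content='" . htmlspecialchars($icmsConfig['sitename'], ENT_QUOTES) . "' />\n";
 echo "<meta name='COPYRIGHT' content='Copyright (c) ".date('Y')." by " . htmlspecialchars($icmsConfig['sitename'], ENT_QUOTES) . "' />\n";
 echo "<meta name='DESCRIPTION' content='" . htmlspecialchars($icmsConfig['slogan'], ENT_QUOTES) . "' />\n";
-echo "<meta name='GENERATOR' content='" . XOOPS_VERSION . "' />\n\n\n";
+echo "<meta name='GENERATOR' content='" . ICMS_VERSION_NAME . "' />\n\n\n";
 echo "<body bgcolor='#ffffff' text='#000000' onload='window.print()'>
 <div style='width: 750px; border: 1px solid #000; padding: 20px;'>
 <div style='text-align: center; display: block; margin: 0 0 6px 0;'>
@@ -161,4 +167,4 @@
 </div>
 <br />";
 echo "<br /></body></html>";
-}
+}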
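Review bot: `unserialize()` still runs on the request-supplied `$_POST["post_data"]` before the new sanitising loop in the first hunk, so the loop only cleans the output and does not stop objects being instantiated from untrusted input. If the supported PHP version allows it, restrict the call with `$post_data = unserialize(base64_decode($_POST["post_data"]), array('allowed_classes' => false));`, or move the form field to JSON and `json_decode`. A non-array result (for example `false` on a malformed payload) skips the loop and still reaches `$isPost = 1;`, so add `else { $post_data = array(); }` after the `is_array` check. The loop also passes only top-level values to `$myTs->codeSanitizer($v)`; its definition and that of `$myTs` are outside the hunk, so confirm how it treats nested arrays. The enclosing `if`/`else` begins before the hunk's first line.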
