From 4803eb2bac3bbf77635c0b803252147bc1543ea7 Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Fri, 27 Jun 2014 08:52:26 +0100
Subject: [PATCH] xssClean $_POST vars
---
 lib/github-manager.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/github-manager.php b/lib/github-manager.php
index 5bd882a..1598101 100644
--- a/lib/github-manager.php
+++ b/lib/github-manager.php
@@ -72,7 +72,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
 // Add the new one
 if ($_POST['githubLocalPathNEW'] != "" && $_POST['githubRemotePathNEW'] != "") {
- $settingsNew .= '"'.$_POST['githubLocalPathNEW'].'",';
+ $settingsNew .= '"'.xssClean($_POST['githubLocalPathNEW'],"html").'",';
 }
 // Then set all the old local paths
@@ -88,7 +88,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
 // Add the new one
 if ($_POST['githubLocalPathNEW'] != "" && $_POST['githubRemotePathNEW'] != "") {
- $settingsNew .= '"'.$_POST['githubRemotePathNEW'].'",';
+ $settingsNew .= '"'.xssClean($_POST['githubRemotePathNEW'],"html").'",';
 }
 // Then set all the old remote paths
@@ -113,7 +113,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
 // Redo the arrays using the form data
 for ($i=0; $i
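Review bot: `xssClean(..., "html")` escapes for an HTML context, but the `githubLocalPathNEW` line here and the `githubRemotePathNEW` line in the next hunk splice the value between literal double quotes into `$settingsNew`, so the encoding does not match the sink. What `xssClean` does with `"`, `\` and `$` is not visible in this diff. If `$settingsNew` is later written out as PHP source (inferred from the name, not shown), any of those characters surviving the filter would change the stored literal. It would be safer to encode for the storage format at this point and leave HTML escaping to where the path is rendered, for example `$settingsNew .= var_export((string) $_POST['githubLocalPathNEW'], true).',';` if the target is a PHP array literal, with the same change for the remote path. The enclosing `if` block starts and ends outside both hunks.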