rXSS cleaned username in editor info display

2026-03-13 20:07:09 +01:00 · 2022-01-17 12:38:29 +00:00
parent cd964f816f
commit 51cf24b2a3
1 changed files with 1 additions and 1 deletions
--- a/editor.php
+++ b/editor.php
@@ -150,7 +150,7 @@ h2 {color: rgba(0,198,255,0.7)}
            ?>
            <h2><?php echo $t['multi-user']; ?></h2>
            <span class="heading"><?php echo $t['Username']; ?></span><br>
-            <?php echo $_SESSION['username'];?><br><br>
+            <?php echo xssClean($_SESSION['username'], "html");?><br><br>
            <?php
        }
        ?>