XSS clean 3 areas

Matt Pass
2016-03-17 17:36:13 +00:00
parent be842742de
commit 9a516ecd27
2 changed files with 3 additions and 3 deletions


@@ -117,7 +117,7 @@ if (!isset($ftpSite) && $_SESSION['githubDiff']) {
$scanDir = $docRoot.$iceRoot;
$location = "";
echo '<div id="branch" style="display: none">';
$location = str_replace("|","/",$_GET['location']);
$location = str_replace("|","/",xssClean($_GET['location'],"html"));
if ($location=="/") {$location = "";};
$dirArray = $filesArray = $finalArray = array();
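Review bot: The `"html"` mode of `xssClean` on `$_GET['location']` does not match how the value appears to be used: given `$scanDir = $docRoot.$iceRoot;` just above, `$location` looks like a directory path rather than only output, and HTML cleaning does nothing to keep it under `$scanDir` (what `xssClean` actually strips is not visible here, and the use of `$location` is outside the hunk). After the `|` to `/` replacement, consider rejecting any `..` segment, or resolving with `realpath($scanDir.$location)` and checking that the result still starts with `$scanDir`. The same sink mismatch applies to the hunk in the second file, where `repo` and `filePath` are written inside a JavaScript string literal in a `<script>` block. There the matching encoder is `json_encode($_GET['repo'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`, emitted without the surrounding hand-written quotes, since HTML-oriented cleaning may leave backslashes or line breaks that end the literal.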


@@ -53,8 +53,8 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
<script>
// Start our github object, establish this repo & file path
var github = new Github({token: "'.$_SESSION['githubAuthToken'].'", auth: "oauth"});
var thisRepo = "'.$_GET['repo'].'";
var thisFilePath = "'.$_GET['filePath'].'";
var thisRepo = "'.xssClean($_GET['repo'],"html").'";
var thisFilePath = "'.xssClean($_GET['filePath'],"html").'";
// Start our repo and read the data in, then update diff pane with that
var repo = github.getRepo(thisRepo.split("|")[0], thisRepo.split("|")[1]);