From a0e48b5088406c9f95099585b5898198ed542732 Mon Sep 17 00:00:00 2001
From: Matt Pass <matt@mattpass.com>
Date: Thu, 25 Aug 2016 17:02:39 +0100
Subject: [PATCH] injClean inputs

---
 lib/github-manager.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/github-manager.php b/lib/github-manager.php
index 40c7f36..761b831 100644
--- a/lib/github-manager.php
+++ b/lib/github-manager.php
@@ -77,7 +77,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
 
 		// Add the new one
 		if ($_POST['githubLocalPathNEW'] != "" && $_POST['githubRemotePathNEW'] != "") {
-			$settingsNew .= '"'.xssClean($_POST['githubLocalPathNEW'],"html").'",';
+			$settingsNew .= '"'.injClean(xssClean($_POST['githubLocalPathNEW'],"html")).'",';
 		}
 
 		// Then set all the old local paths
@@ -93,7 +93,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
 
 		// Add the new one
 		if ($_POST['githubLocalPathNEW'] != "" && $_POST['githubRemotePathNEW'] != "") {
-			$settingsNew .= '"'.xssClean($_POST['githubRemotePathNEW'],"html").'",';
+			$settingsNew .= '"'.injClean(xssClean($_POST['githubRemotePathNEW'],"html")).'",';
 		}
 
 		// Then set all the old remote paths
@@ -118,7 +118,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
 		// Redo the arrays using the form data
 		for ($i=0; $i<count($oldLocal); $i++) {
 			if ($_POST['githubLocalPath'.$i] != "") {
-				$settingsNew .= '"'.xssClean($_POST['githubLocalPath'.$i],"html").'",';
+				$settingsNew .= '"'.injClean(xssClean($_POST['githubLocalPath'.$i],"html")).'",';
 			}
 		}
 		// Rtrim off the last comma
@@ -131,7 +131,7 @@ if (!$demoMode && isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] && isset
 		// Redo the arrays using the form data
 		for ($i=0; $i<count($oldRemote); $i++) {
 			if ($_POST['githubRemotePath'.$i] != "") {
-				$settingsNew .= '"'.xssClean($_POST['githubRemotePath'.$i],"html").'",';
+				$settingsNew .= '"'.injClean(xssClean($_POST['githubRemotePath'.$i],"html")).'",';
 			}
 		}
 		// Rtrim off the last comma