From c93c3b37850618a0f0baa1bdbd498b7b0b84d6dd Mon Sep 17 00:00:00 2001
From: Matt Pass
Date: Wed, 9 Mar 2016 19:23:35 +0000
Subject: [PATCH] xssClean on 4 x $_GET instances
---
 lib/bug-files-check.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/lib/bug-files-check.php b/lib/bug-files-check.php
index dd18f0c..b18c68c 100644
--- a/lib/bug-files-check.php
+++ b/lib/bug-files-check.php
@@ -5,9 +5,9 @@ include_once("settings-common.php");
 $text = $_SESSION['text'];
 $t = $text['bug-files-check'];
-$files = explode(",",str_replace("|","/",$_GET['files']));
-$filesSizesSeen = explode(",",$_GET['filesSizesSeen']);
-$maxLines = $_GET['maxLines'];
+$files = explode(",",str_replace("|","/",xssClean($_GET['files'],"html")));
+$filesSizesSeen = explode(",",xssClean($_GET['filesSizesSeen'],"html"));
+$maxLines = xssClean($_GET['maxLines'],"html");
 $result = "ok";
@@ -28,7 +28,7 @@ if ($result != "error") { for ($i=0; $i
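Review bot: In the first hunk (`@@ -5,9`), `xssClean(..., "html")` looks like an HTML-context filter, judging by its name and second argument, but none of the three values is obviously destined for HTML: `$files` has `|` turned into `/`, which suggests file paths, and `$filesSizesSeen` and `$maxLines` look numeric. HTML cleaning does not constrain path content such as `..` segments or absolute paths, so if `$files` reaches filesystem calls later in the script (outside this hunk), each entry should still be resolved with `realpath()` and checked to lie under the permitted root before it is used. For the numeric inputs a cast is a tighter fit than string cleaning, e.g. `$maxLines = (int) $_GET['maxLines'];` and `$filesSizesSeen = array_map('intval', explode(",", $_GET['filesSizesSeen']));`. HTML escaping is better applied where a value is echoed, because cleaning at input can also rewrite legitimate file names so that they no longer match what is on disk.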