Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-03 07:13:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

xssClean unsanitised user input

Browse Source
This commit is contained in:
Matt Pass
2016-03-08 15:41:58 +00:00
parent 0bcf7a1d72
commit e5dcd02b62
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/get-branch.php
View File

@@ -373,7 +373,7 @@ if (!isset($ftpSite) && $_SESSION['githubDiff']) {
}
?>
<script>
targetElem = top.ICEcoder.filesFrame.contentWindow.document.getElementById('<?php echo $_GET['location'];?>');
targetElem = top.ICEcoder.filesFrame.contentWindow.document.getElementById('<?php echo xssClean($_GET['location'],"html");?>');
newUL = document.createElement("ul");
newUL.style = "display: block";
locNest = targetElem.parentNode.parentNode;