Fixed XSS Exploits. Thanks to ascii for reporting them

18 years ago · 2f620c10ff
parent 76236fbe20
commit 2f620c10ff
1 changed files with 2 additions and 2 deletions
--- a/pages/wot/5.php
+++ b/pages/wot/5.php
@ -17,7 +17,7 @@
 <? if($_SESSION['_config']['error'] != "") { ?><div color="orange"><?=_("ERROR")?>: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
 <? if($_SESSION['_config']['noemailfound'] == 1) { ?>
 <form method="post" action="wot.php">
-<input type="hidden" name="email" value="<?=$_POST['email']?>"><br>
+<input type="hidden" name="email" value="<?=strip_tags($_POST['email'])?>"><br>
 <select name="reminder-lang">
 <?
 	if($_SESSION['_config']['reminder-lang'] == "")
@ -45,7 +45,7 @@
 <? if($_SESSION['_config']['remindersent'] == 1) { unset($_SESSION['_config']['remindersent']) ?>
    <td class="DataTD"><input type="text" name="email" id="email" value=""></td>
 <? } else { ?>
-    <td class="DataTD"><input type="text" name="email" id="email" value="<?=$_POST['email']?>"></td>
+    <td class="DataTD"><input type="text" name="email" id="email" value="<?=strip_tags($_POST['email'])?>"></td>
 <? } ?>
  </tr>
  <tr>