Fixed XSS Exploits. Thanks to ascii for reporting them
parent
76236fbe20
commit
2f620c10ff
1 changed files with 2 additions and 2 deletions
|
@ -17,7 +17,7 @@
|
||||||
<? if($_SESSION['_config']['error'] != "") { ?><div color="orange"><?=_("ERROR")?>: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
|
<? if($_SESSION['_config']['error'] != "") { ?><div color="orange"><?=_("ERROR")?>: <?=$_SESSION['_config']['error']?></div><? unset($_SESSION['_config']['error']); } ?>
|
||||||
<? if($_SESSION['_config']['noemailfound'] == 1) { ?>
|
<? if($_SESSION['_config']['noemailfound'] == 1) { ?>
|
||||||
<form method="post" action="wot.php">
|
<form method="post" action="wot.php">
|
||||||
<input type="hidden" name="email" value="<?=$_POST['email']?>"><br>
|
<input type="hidden" name="email" value="<?=strip_tags($_POST['email'])?>"><br>
|
||||||
<select name="reminder-lang">
|
<select name="reminder-lang">
|
||||||
<?
|
<?
|
||||||
if($_SESSION['_config']['reminder-lang'] == "")
|
if($_SESSION['_config']['reminder-lang'] == "")
|
||||||
|
@ -45,7 +45,7 @@
|
||||||
<? if($_SESSION['_config']['remindersent'] == 1) { unset($_SESSION['_config']['remindersent']) ?>
|
<? if($_SESSION['_config']['remindersent'] == 1) { unset($_SESSION['_config']['remindersent']) ?>
|
||||||
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
|
<td class="DataTD"><input type="text" name="email" id="email" value=""></td>
|
||||||
<? } else { ?>
|
<? } else { ?>
|
||||||
<td class="DataTD"><input type="text" name="email" id="email" value="<?=$_POST['email']?>"></td>
|
<td class="DataTD"><input type="text" name="email" id="email" value="<?=strip_tags($_POST['email'])?>"></td>
|
||||||
<? } ?>
|
<? } ?>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
|
|
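Review bot: strip_tags() is the wrong encoder for the two `value="…"` attributes (the hidden `email` input in the first hunk and the text `email` input in the second): it removes tags but leaves double quotes intact, so a posted value can still terminate the attribute and inject markup into the element. Output placed in an attribute should be entity-encoded instead, e.g. `value="<?=htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8')?>"` at both places. The error banner at the top of the first hunk also echoes `$_SESSION['_config']['error']` unencoded; whether that string can carry request data is not visible here, so it is worth checking where it is set. The form opened in the first hunk continues beyond the lines shown.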