oldkid/friendica
1
0
Fork 0
mirror of https://git.sekbaer.de/Friendica/friendica.git synced 2025-06-16 20:05:14 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #12663 from nupplaphil/sec/xss_404

Browse source 
Security: Use htmlspecialchars() for user input in Arguments class
This commit is contained in:
Hypolite Petovan 2023-01-13 13:57:41 -05:00 committed by GitHub
commit 91ff24b0e4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/App/Page.php
View file

@ -73,6 +73,8 @@ class Page implements ArrayAccess
'right_aside' => '',
'template' => '',
'title' => '',
'section' => '',
'module' => '',
];
/**
* @var string The basepath of the page
@ -513,6 +515,11 @@ class Page implements ArrayAccess
$page = $this->page;
// add and escape some common but crucial content for direct "echo" in HTML (security)
$page['title'] = htmlspecialchars($page['title'] ?? '');
$page['section'] = htmlspecialchars($args->get(0) ?? 'generic');
$page['module'] = htmlspecialchars($args->getModuleName() ?? '');
header("X-Friendica-Version: " . App::VERSION);
header("Content-type: text/html; charset=utf-8");