Update shorten.php
Escape user input in an attempt to prevent stored XSS when an admin views links.
0x0banana authored Feb 15, 2020
1 parent 9d3905e commit 08efde0
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions shorten.php
Expand Up @@ -109,9 +109,9 @@ function short($connexion, $username, $url, $custom, $comment) {
exit();
}

$url = $_POST['url'];
$comment = (!empty($_POST['comment'])) ? $_POST['comment'] : NULL;
$custom = (!empty($_POST['custom'])) ? $_POST['custom'] : NULL;
$url = htmlspecialchars(strip_tags($_POST['url']));
$comment = (!empty($_POST['comment'])) ? htmlspecialchars(strip_tags($_POST['comment'])) : NULL;
$custom = (!empty($_POST['custom'])) ? htmlspecialchars(strip_tags($_POST['custom'])) : NULL;
$url_shortened = short($connexion, $username, $url, $custom, $comment);
}
include 'inc/header.php';
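Review bot: the escaping is applied at input time, before `$url`, `$comment` and `$custom` are handed to `short()` and stored, rather than at the output site where the admin view renders them; that is the wrong layer and it mutates the stored data. `htmlspecialchars()` on `$url` turns any `&` in a query string into `&amp;`, so the stored link no longer matches what the user submitted, and encoding `$custom` changes the chosen short slug in the same way; `strip_tags()` also silently discards anything that looks like a tag instead of rejecting it. Note too that `htmlspecialchars()` with its default flags (before PHP 8.1) leaves single quotes unencoded, so a value emitted inside a single-quoted attribute would still break out. Suggested change: keep the three assignments as plain reads (`$url = $_POST['url'];` etc.), validate the URL on input (e.g. `filter_var($url, FILTER_VALIDATE_URL)` and an allow-list of `http`/`https` schemes, rejecting the request on failure), and apply `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` in the admin template at every point a stored value is printed into HTML, since the commit message says the target is stored XSS in that view.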

0 comments on commit 08efde0