bitPickups/friendica_2020-09-1_sharedHosting
1
0
Fork 0
Code Pull requests Activity

Security: Use htmlspecialchars() for user input in Arguments class

Browse source
This commit is contained in:
Philipp Holzer 2023-01-11 23:09:40 +01:00 committed by Hypolite Petovan
commit a31d5ae7b1
2 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/App/Page.php
View file

@ -73,6 +73,8 @@ class Page implements ArrayAccess
'right_aside' => '',
'template' => '',
'title' => '',
'section' => '',
'module' => '',
];
/**
* @var string The basepath of the page
@ -509,6 +511,11 @@ class Page implements ArrayAccess
$page = $this->page;
// add and escape some common but crucial content for direct "echo" in HTML (security)
$page['title'] = htmlspecialchars($page['title'] ?? '');
$page['section'] = htmlspecialchars($args->get(0) ?? 'generic');
$page['module'] = htmlspecialchars($args->getModuleName() ?? '');
header("X-Friendica-Version: " . App::VERSION);
header("Content-type: text/html; charset=utf-8");