| author | Georgi Nikolov <ggeorgi60@gmail.com> | 2025-02-08 18:39:15 +0200 |
|---|---|---|
| committer | Georgi Nikolov <ggeorgi60@gmail.com> | 2025-02-08 18:39:15 +0200 |
| commit | 4ede3db3a71276ce607c3f48e76c9fb9ad9ba1ad (patch) | |
| tree | f30fdf06815e2eff6b73df3866b818f72e70416a | |
| parent | 3d11f004047708c0c9a36ee71b2f2357217d14ec (diff) | |
Added sanitization of the url that is given to the archive script
| -rw-r--r-- | controllers/archive.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/controllers/archive.php b/controllers/archive.php
index 80c8b1f..54f5f4a 100644
--- a/controllers/archive.php
+++ b/controllers/archive.php
@@ -17,7 +17,7 @@ function on_post() {
 $WEBSITE_CATEGORY = 'url';
 $DOWNLOADS_FOLDER = getenv('ARCHIVES_DIR');
- $website_url = $_POST[$WEBSITE_CATEGORY];
+ $website_url = htmlspecialchars($_POST[$WEBSITE_CATEGORY]);
 $uid = 1;
 $authorized = false;
 if ($TOKEN !== "") { |
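Review bot: `htmlspecialchars()` on the added line is HTML output encoding, not URL validation, so it does not constrain what reaches the archive script: the scheme and host stay unchecked (a `file://` URL or an internal address passes through unchanged), and `&` in a legitimate query string becomes `&amp;`, so the archived URL can differ from the one submitted. Validate at input instead, e.g. `$website_url = filter_var($_POST[$WEBSITE_CATEGORY] ?? '', FILTER_VALIDATE_URL);`, then reject the request when the result is `false` or the scheme from `parse_url()` is not `http`/`https`, and keep `htmlspecialchars()` for the point where the value is echoed into HTML. How `$website_url` is handed to the script is outside this hunk (on_post() continues past it); if it goes through a shell command, the argument presumably also needs `escapeshellarg()`.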
