Security: Use htmlspecialchars() for user input in Arguments class

Philipp 2023-01-11 23:09:40 +01:00
parent eda65296f5
commit 0530755332
No known key found for this signature in database
GPG key ID: 24A7501396EB5432
2 changed files with 9 additions and 2 deletions


@ -73,6 +73,8 @@ class Page implements ArrayAccess
'right_aside' => '',
'template' => '',
'title' => '',
'section' => '',
'module' => '',
];
/**
* @var string The basepath of the page
@ -513,6 +515,11 @@ class Page implements ArrayAccess
$page = $this->page;
// add and escape some common but crucial content for direct "echo" in HTML (security)
$page['title'] = htmlspecialchars($page['title'] ?? '');
$page['section'] = htmlspecialchars($args->get(0) ?? 'generic');
$page['module'] = htmlspecialchars($args->getModuleName() ?? '');
header("X-Friendica-Version: " . App::VERSION);
header("Content-type: text/html; charset=utf-8");
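Review bot: The three added `htmlspecialchars()` calls rely on the default flags, which only became `ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401` in PHP 8.1. On older runtimes the default is `ENT_COMPAT`, which leaves single quotes unescaped, so a template that echoes `$page['section']` or `$page['module']` inside a single-quoted attribute would not be protected there. Passing the flags and charset explicitly, e.g. `htmlspecialchars($args->get(0) ?? 'generic', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, makes the escaping independent of the PHP version, and the same applies to the `title` and `module` lines. The comment above them could also state that these values are escaped for HTML text and quoted-attribute contexts only, e.g. `// escaped for HTML body/attribute output only; re-encode before use in script or URL contexts`. The enclosing method starts and ends outside the hunk, so whether `$page['title']` is already escaped earlier (which would double-encode it here) cannot be checked from this view.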