nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-28 03:04:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

allow arrays when sanitizing get query parameters

Browse Source
This commit is contained in:
malve 2025-02-18 21:14:32 +01:00
parent 8f38332fce
commit 743ff69c03
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
htdocs/always.php
View File

@ -32,9 +32,21 @@ function clean_get() {
foreach($_GET as $key => $value) {
// XSS is possible in both key and values
$k = htmlspecialchars($key);
$v = htmlspecialchars($value);
$temp[$k] = $v;
$key = htmlspecialchars($key);
switch (gettype($value)) {
case "string":
$value = htmlspecialchars($value);
break;
case "array":
array_walk_recursive($value, function(&$v) {
if (gettype($v) == "string") {
$v = htmlspecialchars($v);
}
});
break;
}
$temp[$key] = $value;
}
return $temp;