Ver código fonte

XSS Vulnerability (#1291)

CauseFX 6 anos atrás
pai
commit
950e5d6937
2 arquivos alterados com 5 adições e 3 exclusões
  1. 1 1
      index.php
  2. 4 2
      js/functions.js

+ 1 - 1
index.php

@@ -1,4 +1,4 @@
-<?php include 'api/functions/static-globals.php'; ?>
+<?php include 'api/functions/static-globals.php';?>
 <!DOCTYPE html>
 <html lang="en">
 

+ 4 - 2
js/functions.js

@@ -4018,8 +4018,10 @@ function errorPage(error=null,uri=null){
         local('set','uri',uri);
     }
 	//var urlParams = new URLSearchParams(window.location.search);
-	if($.urlParam('error') !== null){
-		local('set','error',$.urlParam('error'));
+	if($.urlParam('error') !== null && typeof $.urlParam('error') === 'string'){
+	    if($.urlParam('error').length === 3){
+            local('set','error',$.urlParam('error'));
+        }
 	}
     if($.urlParam('return') !== null && activeInfo.user.loggedin !== true){
         local('set','uri',$.urlParam('return'));