Joost
/
pics
forked from Public/pics
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Prevent XSS in error log viewer.

This commit is contained in:
Aaron van Geffen 2021-03-10 17:09:01 +01:00
parent cae5c6e5cf
commit 3bf69fd21f
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
controllers/ManageErrors.php
View File

@ -47,9 +47,13 @@ class ManageErrors extends HTMLController
'parse' => [
'type' => 'function',
'data' => function($row) {
return $row['message'] . '<br><div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . $row['debug_info'] . '</pre></div>' .
'<small><a href="' . BASEURL . $row['request_uri'] . '">' . $row['request_uri'] . '</a></small>';
return $row['message'] . '<br>' .
'<div><a onclick="this.parentNode.childNodes[1].style.display=\'block\';this.style.display=\'none\';">Show debug info</a>' .
'<pre style="display: none">' . htmlspecialchars($row['debug_info']) .
'</pre></div>' .
'<small><a href="' . BASEURL .
htmlspecialchars($row['request_uri']) . '">' .
htmlspecialchars($row['request_uri']) . '</a></small>';
}
],
'header' => 'Message / URL',