CVE-2022-2036: Fix stored XSS security issue: decode HTML entities from URL · francoisjacquet/rosariosis@6e213b1
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.
Fix stored XSS security issue: decode HTML entities from URL
1 parent dfa51d8 commit 6e213b17e6ac3a3961e1eabcdaba1c892844398a
Showing 2 changed files with 5 additions and 1 deletion.
- CHANGES.md
- PreparePHP_SELF.fnc.php
@@ -1,6 +1,10 @@
CHANGES
RosarioSIS Student Information System
Changes in 9.0.1
----------------
- Fix stored XSS security issue: decode HTML entities from URL in PreparePHP_SELF.fnc.php, thanks to @domiee13
Changes in 9.0
--------------
- CSS add length to previous meals select in DailyMenus.php
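Review bot: the new 9.0.1 entry describes the fix as "decode HTML entities from URL", which is the same wording as the comment already sitting above the decode call in PreparePHP_SELF.fnc.php, so the changelog does not say what actually changed in this release. The change is the flags now passed to html_entity_decode(); suggest naming them in the entry, for example "decode HTML entities from URL using ENT_QUOTES | ENT_HTML5", so that someone auditing an older install can tell this fix apart from the earlier decode.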
@@ -191,7 +191,7 @@ function( $match ) {
);
// Fix stored XSS security issue: decode HTML entities from URL.
$string = html_entity_decode( (string) $string );
$string = html_entity_decode( (string) $string, ENT_QUOTES | ENT_HTML5 );
$remove = [
// Fix stored XSS security issue: remove inline JS from URL.
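Review bot: on the changed html_entity_decode() line the string is decoded exactly once before it reaches the $remove list, so a value whose entities were encoded twice still carries encoded entities when the inline-JS patterns run, and if any later step decodes again those patterns have been skipped. Suggest decoding until the string stops changing (with a small iteration bound), and escaping the result at output rather than relying on the removal list alone. The comment above the call should also say why ENT_QUOTES | ENT_HTML5 is required: without flags the call uses the PHP default, which before PHP 8.1 leaves single-quote entities undecoded and uses the HTML 4.01 entity table. The commit touches only CHANGES.md and this file, so no test pins the new behaviour; a regression test with quote and HTML5 named entities in the URL would keep the flags from being dropped later.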