
Commit 9f796d7

fix: sanitized $_GET['firstuse'] in update.php to prevent XSS attacks
1 parent c6d3575 commit 9f796d7

1 file changed

Lines changed: 1 addition & 1 deletion


include/init/update.php

@@ -78,7 +78,7 @@
7878

7979
echo '
8080
<script>
81-
$("#result").load("index.php?action=do_update&firstuse='.$_GET['firstuse'].'");
81+
$("#result").load("index.php?action=do_update&firstuse='.htmlspecialchars($_GET['firstuse'], ENT_QUOTES).'");
8282
</script>';
8383
} else {
8484
// Failure
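
Review bot: on the added line 81, `htmlspecialchars($_GET['firstuse'], ENT_QUOTES)` applies HTML-entity encoding, but the value is emitted into a JavaScript string literal inside a `<script>` block and, within that string, into a URL query parameter, so the encoding does not match either output context. Script content is not entity-decoded by the browser, which means `&quot;`, `&#039;` and `&amp;` reach `.load()` literally and change the `firstuse` value that `do_update` receives; backslashes, line breaks and spaces pass through untouched, and jQuery's `.load()` treats everything after the first space in its argument as a selector. Suggest encoding for both contexts: `rawurlencode()` on the parameter value, then build the whole URL in PHP and emit it with `json_encode()` using the `JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT` flags in place of the hand-written quotes. If `firstuse` only ever takes a small set of values, validating it against that set before line 79 would be simpler and stricter than encoding.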
