PrivateCoffee/wishthis
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix: stored xss with wish url

Browse source
This commit is contained in:
Niklas Bittner 2024-02-16 00:51:00 +01:00 committed by Jay Trees
parent 9d3e0cc16d
commit d60c2ff432
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/classes/wishthis/Wish.php
View file

@ -208,7 +208,7 @@ class Wish
$this->title = stripslashes($wishData['title'] ?? '');
$this->description = stripslashes($wishData['description'] ?? '');
$this->image = $wishData['image'] ?? '';
$this->url = $wishData['url'] ?? '';
$this->url = htmlspecialchars($wishData['url'] ?? '', ENT_QUOTES);
$this->priority = $wishData['priority'];
$this->status = $wishData['status'];
$this->is_purchasable = $wishData['is_purchasable'];