Merge pull request #1 from Mik317/master

[FIX] XSS through blacklisting and htmlentities()
418sec · Aug 20, 2020 · 2c73c10 · 2c73c10
2 parents b645d2a + e3f5a5e
commit 2c73c10
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/core/class/uploader.php b/core/class/uploader.php
@@ -198,7 +198,8 @@ public function __construct() {
         // HOST APPLICATIONS INIT
         if (isset($_GET['CKEditorFuncNum'])) {
             $this->opener['name'] = "ckeditor";
-            $this->opener['CKEditor'] = array('funcNum' => $_GET['CKEditorFuncNum']);
+            $malicious = array("(", ")", ";", "=", "-", "*", "/", "+", "!", "@", "#", "%", "^", "&", "`", "'", "\"");
+            $this->opener['CKEditor'] = array('funcNum' => htmlentities(str_replace($malicious, '', $_GET['CKEditorFuncNum']), ENT_QUOTES, 'UTF-8'));
 
         } elseif (isset($_GET['opener'])) {
             $this->opener['name'] = $_GET['opener'];