fix: only URLs should be allowed
thorsten committed Aug 30, 2023
1 parent 66f1588 commit e923695
Showing 2 changed files with 9 additions and 2 deletions.
4 changes: 2 additions & 2 deletions phpmyfaq/admin/ajax.config_list.php
@@ -86,8 +86,8 @@ function renderInputForm($key, $type)
$type = 'url';
break;
default:
$type = 'text';
break;
$type = 'text';
break;
}

printf(
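--- a/phpmyfaq/admin/configuration.php
+++ b/phpmyfaq/admin/configuration.php
@@ -58,6 +58,13 @@
 unset($editData['edit']['main.currentVersion']); // don't update the version number
 }
 
+if (
+isset($editData['edit']['main.referenceURL']) &&
+is_null(Filter::filterVar($editData['edit']['main.referenceURL'], FILTER_VALIDATE_URL))
+) {
+unset($editData['edit']['main.referenceURL']);
+}
+
 foreach ($editData['edit'] as $key => $value) {
 // Remove forbidden characters
 $newConfigValues[$key] = str_replace($forbiddenValues, '', $value);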
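Review bot: The new guard on `main.referenceURL` lets any scheme through, because `FILTER_VALIDATE_URL` checks only URL syntax and does not restrict the value to http/https; if this setting is later written into links or redirects (not visible here), a non-web scheme would be stored as valid. Consider widening the second operand to `(is_null(...) || !in_array(strtolower((string) parse_url($editData['edit']['main.referenceURL'], PHP_URL_SCHEME)), ['http', 'https'], true))`. The `is_null()` test also depends on `Filter::filterVar()` returning null on failure, whereas native `filter_var()` returns false, so that wrapper contract should be confirmed. The check runs before the `str_replace($forbiddenValues, '', $value)` in the loop below, so the stored value can differ from the one that was validated. Validating the post-replacement value would close that gap, and the rejected input is currently dropped silently with no message to the admin.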
