PonyMirrors/ponepaste
1
0
Fork 0
mirror of https://github.com/Neetpone/ponepaste.git synced 2025-03-12 06:30:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix paste title XSS.

Browse source
This commit is contained in:
Floorb 2022-04-20 17:19:02 -04:00
parent 0581519eaa
commit 4183286d5a
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
theme/bulma/view.php
View file

@ -120,7 +120,7 @@ $selectedloader = "$bg[$i]"; // set variable equal to which random filename was
</span> </span>
</div> </div>
<div class="column is-4 has-text-centered"> <div class="column is-4 has-text-centered">
<h1 class="title is-6" style="margin-bottom:0;"><?= $paste['title'] ?></h1> <h1 class="title is-6" style="margin-bottom:0;"><?= pp_html_escape($paste->title); ?></h1>
<small class="title is-6 has-text-weight-normal has-text-grey"> <small class="title is-6 has-text-weight-normal has-text-grey">
By <a href="<?= urlForMember($paste->user) ?>"><?= pp_html_escape($paste->user->username) ?></a> By <a href="<?= urlForMember($paste->user) ?>"><?= pp_html_escape($paste->user->username) ?></a>
<br/> <br/>