AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove some tags there and here some more output formatting all thanks to the great security researcher @indevi0us for pointing these out to us.

Browse Source
This commit is contained in:
johnnyq
2022-12-21 21:31:51 -05:00
parent 9036fe6853
commit 2a16b6d2ae
45 changed files with 150 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
client_documents.php
View File

@@ -11,7 +11,7 @@ if(!empty($_GET['folder_id'])){
// Sort by
if(!empty($_GET['sb'])){
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
$sb = strip_tags(mysqli_real_escape_string($mysqli,$_GET['sb']));
}else{
$sb = "document_name";
}
@@ -130,7 +130,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
<input type="hidden" name="client_id" value="<?php echo intval($client_id); ?>">
<input type="hidden" name="folder_id" value="<?php echo $get_folder_id; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search Documents">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){ echo stripslashes(htmlentities($q)); } ?>" placeholder="Search Documents">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>