Merge pull request #642 from wrongecho/stricter-input-validation-theme-tags

Add stronger input validation/output escaping
2026-02-28 02:44:53 +00:00 · 2023-03-05 19:31:22 +00:00
parent ff18e704c8 2210ad9f3e
commit 9a3266190c
8 changed files with 42 additions and 42 deletions
--- a/post.php
+++ b/post.php
@@ -870,7 +870,7 @@ if(isset($_POST['edit_theme_settings'])){

    validateAdminRole();

-    $theme = sanitizeInput($_POST['theme']);
+    $theme = preg_replace("/[^0-9a-zA-Z-]/", "", sanitizeInput($_POST['theme']));

    mysqli_query($mysqli,"UPDATE settings SET config_theme = '$theme' WHERE company_id = $session_company_id");