Strip slashes on user agent and ip to prevent user header modification for XSS attack in API logging

johnnyq
2022-02-04 16:55:45 -05:00
parent 338c991d21
commit be0778ab84
2 changed files with 4 additions and 4 deletions


@@ -7,9 +7,9 @@ include(__DIR__ . "../../../config.php");
header('Content-Type: application/json');
// Get user IP
$ip = mysqli_real_escape_string($mysqli,get_ip());
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
// Get user agent
$user_agent = mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']);
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
// Setup return array
$return_arr = array();
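Review bot: `strip_tags()` on the new `$ip` and `$user_agent` assignments is a weak XSS control for logged header values: it removes only text that parses as a tag, so quote characters survive and can still matter if the log is rendered inside an HTML attribute, and it rewrites the string after `mysqli_real_escape_string()` has already run, which makes the SQL escaping harder to reason about. Encoding belongs where the log is displayed, e.g. `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in the view (not visible in this hunk), with the value stored as received through a bound parameter or the existing escape. The new line also still reads `$_SERVER['HTTP_USER_AGENT']` directly, which is unset when a client sends no User-Agent header; `$_SERVER['HTTP_USER_AGENT'] ?? ''` avoids a warning that, depending on error display settings, could land in the JSON response. The commit title says "strip slashes" while the code calls `strip_tags()`, so a one-line comment such as `// Header values are client-controlled; encode on output as well` would record the intent.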