Fixed a vulnerability in the setup.php file and other code cleanups. Thanks to the person that wishes to remain anonymous for reporting and providing a patch Also added a notice to readme to not use this web app during beta for production use

This commit is contained in:
johnnyq
2022-01-01 17:02:31 -05:00
parent a70105e731
commit cf3c0a6410
6 changed files with 68 additions and 57 deletions

View File

@@ -281,10 +281,10 @@ function formatPhoneNumber($phoneNumber) {
return $phoneNumber;
}
//SESSION FINGERPRINT Removed Breaking Setup.php 2021-12-22
//$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
//$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os()));
//$session_browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
//$session_device = strip_tags(mysqli_real_escape_string($mysqli,get_device()));
function mkdir_missing($dir) {
if (!is_dir($dir)) {
mkdir($dir);
}
}
?>