Add stronger input validation/output escaping for theme, tags and categories vars
@@ -1,5 +1,5 @@
|
|||||||
<!-- Main Sidebar Container -->
|
<!-- Main Sidebar Container -->
|
||||||
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
|
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
|
||||||
|
|
||||||
<!-- Sidebar -->
|
<!-- Sidebar -->
|
||||||
<div class="sidebar">
|
<div class="sidebar">
|
||||||
|
|||||||
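Review bot: htmlentities() is called without flags or charset on the new `<aside>` line, so on PHP releases before 8.1 it defaults to ENT_COMPAT and leaves single quotes unescaped; the attribute here is double-quoted, so nothing is exploitable as written, but the call should pin its behaviour rather than depend on the runtime's default: `htmlentities($config_theme, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same unflagged call is introduced in the body-class hunk, in the two other sidebar hunks and in the navbar hunk on this page; each site needs the same change. Since post.php in this commit limits config_theme to `[0-9a-zA-Z_]` on write, this output escaping is defence in depth rather than the primary control, which a one-line comment at the first use could record so a later refactor does not drop it as redundant.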
@@ -36,5 +36,5 @@ header("X-Frame-Options: DENY");
|
|||||||
<script src="plugins/toastr/toastr.min.js"></script>
|
<script src="plugins/toastr/toastr.min.js"></script>
|
||||||
|
|
||||||
</head>
|
</head>
|
||||||
<body class="hold-transition sidebar-mini layout-fixed accent-<?php echo $config_theme; ?>">
|
<body class="hold-transition sidebar-mini layout-fixed accent-<?php echo htmlentities($config_theme); ?>">
|
||||||
<div class="wrapper text-sm">
|
<div class="wrapper text-sm">
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
<?php
|
<?php
|
||||||
$name = sanitizeInput($_POST['name']);
|
$name = sanitizeInput($_POST['name']);
|
||||||
$type = sanitizeInput($_POST['type']);
|
$type = sanitizeInput($_POST['type']);
|
||||||
$color = sanitizeInput($_POST['color']);
|
$color = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['color']));
|
||||||
|
|||||||
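Review bot: The new color line strips disallowed characters silently instead of rejecting the input, so a value outside the allowlist is stored as a different value rather than refused; if legitimate colour values can contain `#` or `-` (hex colours and CSS class names usually do), `#ff0000` becomes `ff0000`, which is worth confirming against the form's option values. Because the filter runs after sanitizeInput(), any HTML-encoding that helper performs is then partly undone (an `&` would survive as the letters `amp`), presumably harmless here but hard to reason about. A check that rejects is clearer about intent: `if (!preg_match('/^[0-9a-zA-Z_]+$/', $color)) { /* refuse the request the way this file handles other invalid input */ }`. The same strip-and-continue pattern is used in the categories hunk below for color and icon and in post.php for theme; one shared helper would keep the allowed alphabet in a single place.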
@@ -1,5 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
$name = sanitizeInput($_POST['name']);
|
$name = sanitizeInput($_POST['name']);
|
||||||
$type = intval($_POST['type']);
|
$type = intval($_POST['type']);
|
||||||
$color = sanitizeInput($_POST['color']);
|
$color = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['color']));
|
||||||
$icon = sanitizeInput($_POST['icon']);
|
$icon = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['icon']));
|
||||||
|
|||||||
2
post.php
2
post.php
@@ -870,7 +870,7 @@ if(isset($_POST['edit_theme_settings'])){
|
|||||||
|
|
||||||
validateAdminRole();
|
validateAdminRole();
|
||||||
|
|
||||||
$theme = sanitizeInput($_POST['theme']);
|
$theme = preg_replace("/[^0-9a-zA-Z_]/", "", sanitizeInput($_POST['theme']));
|
||||||
|
|
||||||
mysqli_query($mysqli,"UPDATE settings SET config_theme = '$theme' WHERE company_id = $session_company_id");
|
mysqli_query($mysqli,"UPDATE settings SET config_theme = '$theme' WHERE company_id = $session_company_id");
|
||||||
|
|
||||||
|
|||||||
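Review bot: The UPDATE two lines below the new theme assignment still interpolates `$theme` and `$session_company_id` into the query string, so the character allowlist on the preceding line is now the only thing keeping that statement injection-free; it works, but any later edit to the regex silently changes the security of the query. Binding the value removes that coupling: `$stmt = mysqli_prepare($mysqli, "UPDATE settings SET config_theme = ? WHERE company_id = ?"); mysqli_stmt_bind_param($stmt, "si", $theme, $session_company_id); mysqli_stmt_execute($stmt);` (the `i` assumes company_id is an integer, as the unquoted interpolation suggests). If the application has a fixed set of theme names, comparing against that list would also reject an empty string, which the regex currently lets through after stripping. The enclosing `if(isset($_POST['edit_theme_settings']))` block starts and ends outside the hunk.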
@@ -1,5 +1,5 @@
|
|||||||
<!-- Main Sidebar Container -->
|
<!-- Main Sidebar Container -->
|
||||||
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
|
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
|
||||||
|
|
||||||
<!-- Sidebar -->
|
<!-- Sidebar -->
|
||||||
<div class="sidebar">
|
<div class="sidebar">
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
<!-- Main Sidebar Container -->
|
<!-- Main Sidebar Container -->
|
||||||
<aside class="main-sidebar sidebar-dark-<?php echo $config_theme; ?> d-print-none">
|
<aside class="main-sidebar sidebar-dark-<?php echo htmlentities($config_theme); ?> d-print-none">
|
||||||
|
|
||||||
<!-- Sidebar -->
|
<!-- Sidebar -->
|
||||||
<div class="sidebar">
|
<div class="sidebar">
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
<!-- Navbar -->
|
<!-- Navbar -->
|
||||||
<nav class="main-header navbar navbar-expand navbar-<?php echo $config_theme; ?> navbar-dark">
|
<nav class="main-header navbar navbar-expand navbar-<?php echo htmlentities($config_theme); ?> navbar-dark">
|
||||||
|
|
||||||
<!-- Left navbar links -->
|
<!-- Left navbar links -->
|
||||||
<ul class="navbar-nav">
|
<ul class="navbar-nav">
|
||||||
|
|||||||