修复 道具的XSS漏洞一处

Comsenz 2017-03-17 12:56:58 +08:00
parent 91d2d8320f
commit 8c8181f270
1 changed files with 5 additions and 5 deletions


@ -38,13 +38,13 @@ class magic_doodle {
function show() {
global $_G;
magicshowtips(lang('magic/doodle', 'doodle_info'));
echo <<<SCRIPT
echo '
<p>
<input type="hidden" name="showid" value="$_GET[showid]" />
<input type="hidden" name="mtarget" value="$_GET[target]" />
<input type="hidden" name="from" value="$_GET[from]" />
<input type="hidden" name="showid" value="'.htmlspecialchars($_GET[showid]).'" />
<input type="hidden" name="mtarget" value="'.htmlspecialchars($_GET[target]).'" />
<input type="hidden" name="from" value="'.htmlspecialchars($_GET[from]).'" />
</p>
SCRIPT;
';
}
}
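Review bot: The three new `htmlspecialchars($_GET[showid])` calls in show() moved the array keys out of the heredoc, where the bare `showid` / `target` / `from` were valid interpolation syntax, into ordinary PHP expressions, where they are read as undefined constants. That raises a notice or warning on PHP 5/7 and throws an Error on PHP 8, so the keys should be quoted: `htmlspecialchars($_GET['showid'], ENT_QUOTES)`, and likewise for `'target'` and `'from'`. Passing `ENT_QUOTES` also keeps the escaping safe if the attribute quoting in this template is ever changed to single quotes. `htmlspecialchars()` with no encoding argument assumes the PHP default charset and returns an empty string on byte sequences that are invalid in it, so on a non-UTF-8 install it may be better to use the project's own escaping helper (`dhtmlspecialchars()`, if it is in scope here) or to pass the site charset explicitly.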