Commit 516c858a authored by root's avatar root
Browse files

🔒 fix XSS security vulnerability

parent 5cb36fe7
......@@ -35,6 +35,7 @@ $navbar_menus = false;
if( strpos($_SERVER["PHP_SELF"], "/module/module_frame") !== false ){
if(isset($_GET["url"])){
// define module name
$_GET["url"] = htmlentities($_GET["url"]);
$ref_url = urldecode($_GET["url"]);
$ref_url = trim($ref_url, "/");
$ref_url_parts = explode("/", $ref_url);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment