Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixing potentiall xss in external domains list
Deploy / deploy (push) Successful in 28s
Details

Browse Source
This commit is contained in:
janis steiner
2026-05-15 10:13:23 +02:00
parent eb3ffed163
commit 37cf88a06e
4 changed files with 85 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app-code/api/account/manage_domains.php
+7 -1
View File
@@ -19,6 +19,12 @@ if ($method === 'GET') {
$result = mysqli_stmt_get_result($stmt);
$domains = [];
while ($row = mysqli_fetch_assoc($result)) {
$domain = normalize_redirect_host($row['domain'] ?? '');
if ($domain === null) {
continue;
}
$row['domain'] = $domain;
$row['id'] = (int) $row['id'];
$domains[] = $row;
}
mysqli_stmt_close($stmt);
@@ -45,4 +51,4 @@ if ($method === 'GET') {
} else {
echo json_encode(['success' => false, 'message' => 'Invalid request method.'], 405);
}
?>
?>