fix xss in send_to

fixing a major security vulnerability which allowed attackers to execute javascript via the send_to parameter
This commit is contained in:
Janis Steiner
2026-04-19 19:00:13 +02:00
committed by GitHub
parent 17c2fbccb3
commit d0e8f692c6
+1 -1
@@ -5,7 +5,7 @@ header('Content-Type: application/json');
include "../utils/get_location.php"; include "../utils/get_location.php";
$send_to=$_SESSION["end_url"]; $send_to=$_SESSION["end_url"];
$send_to = htmlspecialchars(str_replace([':', ';', 'script', 'java','(',')'],'',$send_to));
include "../../config/config.php"; include "../../config/config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE); $conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
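Review bot: The new `$send_to = htmlspecialchars(str_replace([...], '', $send_to));` line sanitises a URL with a blocklist, which is both too weak and too strong: `str_replace` makes a single pass, so a blocked token that is re-formed by an adjacent removal survives, while stripping `:` also mangles every legitimate `https://` value. Given the name `end_url`, `$send_to` is presumably a navigation target set earlier in the session; the robust check is to validate the scheme with `parse_url` against an `http`/`https` allowlist and reject anything else, rather than rewriting the string. Note also that `htmlspecialchars` escapes for an HTML context while this script sends `Content-Type: application/json`; if the value is emitted through `json_encode` it needs no HTML escaping, and the escaping should match the context in which the client uses it, which is not visible in this hunk. The script continues outside the hunk.

```php
$send_to = $_SESSION["end_url"];
// Accept only absolute http(s) URLs; reject (do not rewrite) anything else.
$scheme = strtolower((string) parse_url((string) $send_to, PHP_URL_SCHEME));
if (!in_array($scheme, ['http', 'https'], true)) {
    $send_to = '';
}
// … unchanged: config include and DB connection …
```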