Merge pull request from GHSA-mhr8-7rvg-8r43

* Prevent possible XSS attack vector on add_client
Update JS code to prevent possible XSS vector

Co-authored-by: Harold Kim <root@stypr.com>
Signed-off-by: Adam Warner <me@adamwarner.co.uk>

* Fix both addClient and deleteClient to prevent XSS

Signed-off-by: Harold Kim <root@stypr.com>

Co-authored-by: Harold Kim <root@stypr.com>
This commit is contained in:
Adam Warner
2021-10-23 19:26:07 +01:00
committed by GitHub
parent e53f7e674e
commit 01191c7a1b
2 changed files with 4 additions and 2 deletions


@@ -347,6 +347,8 @@ if ($_POST['action'] == 'get_groups') {
}
foreach ($ips as $ip) {
// Encode $ip variable to prevent XSS
$ip = htmlspecialchars($ip);
// Silently skip this entry when it is empty or not a string (e.g. NULL)
if(!is_string($ip) || strlen($ip) == 0) {
continue;
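Review bot: The `$ip = htmlspecialchars($ip);` call sits above the `!is_string($ip)` guard, so it runs on exactly the non-string entries (e.g. NULL) that the guard is there to skip. Because htmlspecialchars() returns a string, a NULL entry reaches the guard as an empty string and is only dropped by the `strlen($ip) == 0` half of the condition, and any other non-string type is passed to a function that expects a string. Move the encoding below the `continue` block so that only validated strings are encoded. Also note that from this line on `$ip` holds the HTML-encoded form, so any later validation, comparison or storage in this loop sees the encoded value rather than what the client submitted. If that is not intended, keep the raw value for those steps and encode only where the value is written into HTML.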