Properly escape possible user-input

Signed-off-by: DL6ER <dl6er@dl6er.de>
2026-04-23 10:19:47 +01:00 · 2021-02-03 14:01:43 +01:00
parent 6ff083a7f9
commit 22d7df9116
1 changed files with 1 additions and 1 deletions
--- a/scripts/pi-hole/php/auth.php
+++ b/scripts/pi-hole/php/auth.php
@@ -83,7 +83,7 @@ function check_cors() {
        $server_origin = str_replace(array("[","]","http://","https://"), array("","","",""), $server_origin);

        if(!in_array($server_origin, $AUTHORIZED_HOSTNAMES)) {
-            log_and_die("Failed CORS: " . $server_origin .' vs '. join(', ', $AUTHORIZED_HOSTNAMES));
+            log_and_die("Failed CORS: " . htmlspecialchars($server_origin) .' vs '. join(', ', $AUTHORIZED_HOSTNAMES));
        }
        header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
    }