mirror of
https://github.com/pi-hole/web.git
synced 2026-04-23 10:19:47 +01:00
Properly escape possible user-input
Signed-off-by: DL6ER <dl6er@dl6er.de>
@@ -83,7 +83,7 @@ function check_cors() {
|
||||
$server_origin = str_replace(array("[","]","http://","https://"), array("","","",""), $server_origin);
|
||||
|
||||
if(!in_array($server_origin, $AUTHORIZED_HOSTNAMES)) {
|
||||
log_and_die("Failed CORS: " . $server_origin .' vs '. join(', ', $AUTHORIZED_HOSTNAMES));
|
||||
log_and_die("Failed CORS: " . htmlspecialchars($server_origin) .' vs '. join(', ', $AUTHORIZED_HOSTNAMES));
|
||||
}
|
||||
header("Access-Control-Allow-Origin: ${_SERVER['HTTP_ORIGIN']}");
|
||||
}
|
||||
|
||||
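Review bot: The new `htmlspecialchars($server_origin)` call in the `log_and_die` line relies on the default flags, which before PHP 8.1 leave single quotes unescaped, and on the configured default charset. Spelling it out as `htmlspecialchars($server_origin, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` makes the escaping independent of the PHP version and keeps a malformed byte sequence from turning the whole value into an empty string. Escaping at this one call site also leaves every other caller of `log_and_die` responsible for doing the same. If that function prints its argument into an HTML response (its body is not in this hunk, so this is an assumption), encoding inside it would cover all callers. If it also writes to a log file, the log will now contain the entity-encoded form. `check_cors()` starts before the hunk, so where `$server_origin` is assigned is not visible here.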