Using htmlentities and rawurlencode on every output string

Signed-off-by: RD WebDesign <github@rdwebdesign.com.br>
RD WebDesign
2022-09-21 18:05:53 -03:00
parent 2d346a1bc8
commit 6e51ac3f85


@@ -30,9 +30,6 @@ if (!is_readable($versionsfile)) {
} else {
$versions = parse_ini_file($versionsfile);
// Allow only valid characters
$versions = preg_replace('/[^[:alnum:]._:\/-]/i', '', $versions);
// Get Pi-hole core branch / version / commit
// Check if on a dev branch
$core_branch = $versions['CORE_BRANCH'];
@@ -108,28 +105,28 @@ $webUrl = 'https://github.com/pi-hole/AdminLTE/releases';
$ftlUrl = 'https://github.com/pi-hole/FTL/releases';
$dockerUrl = 'https://github.com/pi-hole/docker-pi-hole/releases';
// Version strings
// Version strings (encoded to avoid code execution)
// If "vDev" show branch/commit, else show link
if (isset($core_commit)) {
$coreVersionStr = $core_current.' ('.$core_branch.', '.$core_commit.')';
$coreVersionStr = htmlentities($core_current.' ('.$core_branch.', '.$core_commit.')');
} else {
$coreVersionStr = '<a href="'.$coreUrl.'/'.$core_current.'" rel="noopener" target="_blank">'.$core_current.'</a>';
$coreVersionStr = '<a href="'.$coreUrl.'/'.rawurlencode($core_current).'" rel="noopener" target="_blank">'.htmlentities($core_current).'</a>';
}
if (isset($web_commit)) {
$webVersionStr = $web_current.' ('.$web_branch.', '.$web_commit.')';
$webVersionStr = htmlentities($web_current.' ('.$web_branch.', '.$web_commit.')');
} else {
$webVersionStr = '<a href="'.$webUrl.'/'.$web_current.'" rel="noopener" target="_blank">'.$web_current.'</a>';
$webVersionStr = '<a href="'.$webUrl.'/'.rawurlencode($web_current).'" rel="noopener" target="_blank">'.htmlentities($web_current).'</a>';
}
if (isset($FTL_commit)) {
$ftlVersionStr = $FTL_current.' ('.$FTL_branch.', '.$FTL_commit.')';
$ftlVersionStr = htmlentities($FTL_current.' ('.$FTL_branch.', '.$FTL_commit.')');
} else {
$ftlVersionStr = '<a href="'.$ftlUrl.'/'.$FTL_current.'" rel="noopener" target="_blank">'.$FTL_current.'</a>';
$ftlVersionStr = '<a href="'.$ftlUrl.'/'.rawurlencode($FTL_current).'" rel="noopener" target="_blank">'.htmlentities($FTL_current).'</a>';
}
if ($docker_current) {
$dockerVersionStr = '<a href="'.$dockerUrl.'/'.$docker_current.'" rel="noopener" target="_blank">'.$docker_current.'</a>';
$dockerVersionStr = '<a href="'.$dockerUrl.'/'.rawurlencode($docker_current).'" rel="noopener" target="_blank">'.htmlentities($docker_current).'</a>';
} else {
$dockerVersionStr = '';
}
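Review bot: The eight new `htmlentities(...)` calls in the second hunk rely on PHP's default flags and charset, which is weaker than it looks: before PHP 8.1 the default is ENT_COMPAT, so a single quote passes through unencoded, and on invalid UTF-8 input htmlentities() returns an empty string, silently blanking the version rather than failing visibly. Because these strings end up in HTML text nodes next to a double-quoted `href`, the conventional call is `htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, ideally wrapped in one small local helper (e.g. `function h($s) { return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); }`) so all eight sites stay consistent. The `rawurlencode()` on the path segment of each link is the right encoder for that context and needs no change. Note that the first hunk drops the `preg_replace` whitelist on the parsed ini values, so these variables are now protected only at this output point; any other place in the file that prints `$core_branch`, `$core_commit` or the `*_current` values outside these assignments (not visible in this section) would need the same treatment. The if/else chain shown here is complete, but the surrounding file continues beyond the hunk.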