Use utils.escapeHtml on the JS side, and html_entity_decode/htmlentities on the PHP side

Signed-off-by: Adam Warner <me@adamwarner.co.uk>
Adam Warner
2020-06-13 18:50:36 +01:00
parent 557bd85814
commit c949516ee1
11 changed files with 67 additions and 58 deletions


@@ -161,9 +161,9 @@ function add_to_table($db, $table, $domains, $comment=null, $wildcardstyle=false
if($wildcardstyle)
$domain = "(\\.|^)".str_replace(".","\\.",$domain)."$";
$stmt->bindValue(":$field", $domain, SQLITE3_TEXT);
$stmt->bindValue(":$field", htmlentities($domain), SQLITE3_TEXT);
if($bindcomment) {
$stmt->bindValue(":comment", $comment, SQLITE3_TEXT);
$stmt->bindValue(":comment", htmlentities($comment), SQLITE3_TEXT);
}
if($stmt->execute() && $stmt->reset())