Patching minor XSS vulnerability

The update output shows the name of the current commit your local installation is on. So if a commit is named <script>alert("xss");</script>, for example, that code will execute when someone updates their installation.

Not a huge deal since we'd notice if someone made a rogue pull request with any commit names like that before ever accepting it into the repo.
This commit is contained in:
ehpersonal38
2023-03-07 18:53:58 -05:00
parent ae1e3bf96f
commit 4de5618dc4
+1 -1
View File
@@ -353,7 +353,7 @@ if(isset($_GET['view'])){
$output = implode("\n", $lines);
$results = $output;
$results = nl2br(htmlspecialchars($results));
if(strlen($results) == 0) {
$results = "This command has no output.";
}