Merge pull request #465 from JVMerkle/master

Fix reflected XSS in list_rankup.php
2018-04-05 20:40:14 +02:00
parent 2887620026 681cb5dfc6
commit b2f8fc6b02
1 changed files with 2 additions and 2 deletions
--- a/stats/list_rankup.php
+++ b/stats/list_rankup.php
@@ -29,13 +29,13 @@ if(!isset($_SESSION[$rspathhex.'tsuid'])) {
 }

 if(isset($_POST['username'])) {
-	$_GET["search"] = strip_tags(htmlspecialchars($_POST['usersuche']));
 	$_GET["seite"] = 1;
+	$_GET["search"] = $_POST['usersuche'];
 }
 $filter='';
 $searchstring='';
 if(isset($_GET["search"]) && $_GET["search"] != '') {
-	$getstring = $_GET['search'];
+	$getstring = htmlspecialchars($_GET['search']);
 }
 if(isset($getstring) && strstr($getstring, 'filter:excepted:')) {
 	if(str_replace('filter:excepted:','',$getstring)!='') {