Merge pull request #467 from JVMerkle/xss_pull

Fix reflected XSS in bot.php
2018-04-05 20:47:48 +02:00
parent b2f8fc6b02 de040b66a5
commit b3a3cd8efe
1 changed files with 1 additions and 1 deletions
--- a/webinterface/bot.php
+++ b/webinterface/bot.php
@@ -129,7 +129,7 @@ if(isset($_POST['logfilter']) && in_array('debug', $_POST['logfilter'])) {
 	$inactivefilter .= "DEBUG,";
 }
 if(isset($_POST['logfilter'][0])) {
-	$filter2 = $_POST['logfilter'][0];
+	$filter2 = htmlspecialchars($_POST['logfilter'][0]);
 	$_SESSION[$rspathhex.'logfilter2'] = $filter2;
 }