
Fix XSS / repo description

Hanno authored on28/02/2019 12:18:34
Showing1 changed files
... ...
@@ -38,7 +38,7 @@ if (count($repos) == 0) {
38 38
 }
39 39
 
40 40
 foreach ($repos as $repo => $settings) {
41
-    $description = $settings['description'] ? '<br /><em>"'.$settings['description'].'"</em>' : '';
41
+    $description = $settings['description'] ? '<br /><em>"'.filter_input_general($settings['description']).'"</em>' : '';
42 42
     $url = get_git_url($repo);
43 43
     $public = isset($settings['users']['gitweb']) && $settings['users']['gitweb'] == 'R';
44 44
     $public_string = '';
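Review bot: The escaping added on new line 41 depends entirely on what `filter_input_general()` returns, and that helper is defined outside this hunk; its name reads like an input filter rather than an HTML output encoder. Because the description is emitted inside `<em>…</em>`, confirm that the helper encodes `<`, `>`, `&` and both quote characters, or encode at the output site with `htmlspecialchars($settings['description'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The same loop also uses `$repo` and derives `$url` from `get_git_url($repo)`; where those are printed is not visible here, so they should get the same treatment if repository names can contain user-chosen characters. The `foreach` body continues past the end of the hunk.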