From 410f5389ae90e1c219b097b051aaa9922e73efd5 Mon Sep 17 00:00:00 2001 From: Andrew Manning Date: Sun, 12 Jun 2016 07:17:23 -0400 Subject: Apply purify_html to page content before preview and save to prevent JavaScript code injection. --- include/wiki.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/wiki.php') diff --git a/include/wiki.php b/include/wiki.php index f0785d549..4aa3fc1b4 100644 --- a/include/wiki.php +++ b/include/wiki.php @@ -279,7 +279,7 @@ function wiki_page_history($arr) { function wiki_save_page($arr) { $pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : ''); - $content = ((array_key_exists('content',$arr)) ? $arr['content'] : ''); + $content = ((array_key_exists('content',$arr)) ? purify_html($arr['content']) : ''); $resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : ''); $w = wiki_get_wiki($resource_id); if (!$w['path']) { -- cgit v1.2.3