diff options
| author | Harald Eilertsen <haraldei@anduin.net> | 2022-03-10 15:35:14 +0100 |
|---|---|---|
| committer | Harald Eilertsen <haraldei@anduin.net> | 2022-03-10 15:35:14 +0100 |
| commit | 921608c01ab530a2fbb3057e5ebbbcb2112698d4 (patch) | |
| tree | ab40c83dd35228eb4bead3b537dc4757437c449a /includes | |
| parent | 7c90df61ab235bc36bcf0398a39225bbf5ee8ae5 (diff) | |
| download | gigologadmin-921608c01ab530a2fbb3057e5ebbbcb2112698d4.tar.gz gigologadmin-921608c01ab530a2fbb3057e5ebbbcb2112698d4.tar.bz2 gigologadmin-921608c01ab530a2fbb3057e5ebbbcb2112698d4.zip | |
Security: Escape imported dates before outputing in error messages.
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/admin/views/giglog_import_gigs.php | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/includes/admin/views/giglog_import_gigs.php b/includes/admin/views/giglog_import_gigs.php index afcc632..e68c07c 100644 --- a/includes/admin/views/giglog_import_gigs.php +++ b/includes/admin/views/giglog_import_gigs.php @@ -79,8 +79,7 @@ if ( !class_exists( 'GiglogAdmin_ImportGigsPage' ) ) { //Below only checks if the date field is made of 4-2-2 digits, irregardless of their values. Actual date check is lower if( ! preg_match("/\d{4}\-\d{2}-\d{2}/",$resultArray[3])) { - $importerrors.= 'Row '.$rid.' has invalid date!'.$resultArray[3]."<br>"; - + $importerrors.= 'Row '.$rid.' has invalid date!'.esc_html($resultArray[3])."<br>"; continue; } else { @@ -99,7 +98,7 @@ if ( !class_exists( 'GiglogAdmin_ImportGigsPage' ) ) { else { $condate = date('Y-m-d', strtotime($resultArray[3])); if ($condate<date("Y-m-d")) { - $importerrors.= 'Row '.$rid.' has date in the past!' .$resultArray[3]."<br>"; + $importerrors.= 'Row '.$rid.' has date in the past!' . esc_html($resultArray[3]) . "<br>"; continue; } else { |