authorHarald Eilertsen <haraldei@anduin.net>2022-03-10 15:35:14 +0100
committerHarald Eilertsen <haraldei@anduin.net>2022-03-10 15:35:14 +0100
commit921608c01ab530a2fbb3057e5ebbbcb2112698d4 (patch)
treeab40c83dd35228eb4bead3b537dc4757437c449a /includes
parent7c90df61ab235bc36bcf0398a39225bbf5ee8ae5 (diff)
Security: Escape imported dates before outputting in error messages.
Diffstat (limited to 'includes')
-rw-r--r--includes/admin/views/giglog_import_gigs.php5
1 files changed, 2 insertions, 3 deletions
diff --git a/includes/admin/views/giglog_import_gigs.php b/includes/admin/views/giglog_import_gigs.php
index afcc632..e68c07c 100644
--- a/includes/admin/views/giglog_import_gigs.php
+++ b/includes/admin/views/giglog_import_gigs.php
@@ -79,8 +79,7 @@ if ( !class_exists( 'GiglogAdmin_ImportGigsPage' ) ) {
//Below only checks if the date field is made of 4-2-2 digits, irregardless of their values. Actual date check is lower
if( ! preg_match("/\d{4}\-\d{2}-\d{2}/",$resultArray[3]))
{
- $importerrors.= 'Row '.$rid.' has invalid date!'.$resultArray[3]."<br>";
-
+ $importerrors.= 'Row '.$rid.' has invalid date!'.esc_html($resultArray[3])."<br>";
continue;
}
else {
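Review bot: The format check on the context line above the change, `preg_match("/\d{4}\-\d{2}-\d{2}/",$resultArray[3])`, is unanchored, so a field that merely contains a date-shaped substring with other text around it passes and never reaches this now-escaped error branch. Anchoring the pattern, `preg_match('/\A\d{4}-\d{2}-\d{2}\z/', $resultArray[3])`, makes such rows fail here instead. Whether the raw `$resultArray[3]` is later stored or echoed is not visible in this hunk, so that path should be confirmed to escape or to use the normalised date. `esc_html()` is the appropriate escaper for this HTML text context. The enclosing loop starts and ends outside the hunk.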
@@ -99,7 +98,7 @@ if ( !class_exists( 'GiglogAdmin_ImportGigsPage' ) ) {
else {
$condate = date('Y-m-d', strtotime($resultArray[3]));
if ($condate<date("Y-m-d")) {
- $importerrors.= 'Row '.$rid.' has date in the past!' .$resultArray[3]."<br>";
+ $importerrors.= 'Row '.$rid.' has date in the past!' . esc_html($resultArray[3]) . "<br>";
continue;
}
else {
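Review bot: `strtotime($resultArray[3])` is passed straight to `date()` without a check for `false`, so a value that got through the loose format check but is not a parseable date is typically rendered as 1970-01-01 and reported as "date in the past" rather than as invalid. Testing the result first, `$ts = strtotime($resultArray[3]); if ($ts === false) { /* report invalid date */ continue; }`, keeps the two error cases distinct and ensures only a parsed date proceeds. The message also has no separator after `!`, so the escaped value runs into the text; `' has date in the past! ' . esc_html($resultArray[3])` reads better. The enclosing block starts and ends outside the hunk.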