yanglc
/
OneManager-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix XSS in random file

pull/440/merge
qkqpttgf 2021-10-07 14:32:22 +08:00 committed by GitHub
parent 0220c29dbf
commit f924b116db
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
common.php
View File

@ -389,7 +389,7 @@ function main($path)
$url = proxy_replace_domain($url, $domainforproxy, $header);
}
return output('', 302, $header);
} else return output('No ' . $_GET['random'] . 'file', 404);
} else return output('No ' . htmlspecialchars($_GET['random']) . 'file', 404);
} else return output('Hidden', 401);
}
// is file && not preview mode, download file