From f924b116dbd10ce5d255e92b9d8db3941f02dfce Mon Sep 17 00:00:00 2001
From: qkqpttgf <45693631+qkqpttgf@users.noreply.github.com>
Date: Thu, 7 Oct 2021 14:32:22 +0800
Subject: [PATCH] fix XSS in random file
---
 common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/common.php b/common.php
index a09d7d4..6521b8d 100644
--- a/common.php
+++ b/common.php
@@ -389,7 +389,7 @@ function main($path)
 $url = proxy_replace_domain($url, $domainforproxy, $header);
 }
 return output('', 302, $header);
- } else return output('No ' . $_GET['random'] . 'file', 404);
+ } else return output('No ' . htmlspecialchars($_GET['random']) . 'file', 404);
 } else return output('Hidden', 401);
 }
 // is file && not preview mode, download file
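Review bot: The added `htmlspecialchars($_GET['random'])` call on the 404 branch relies on the default flags and encoding, which differ between PHP versions: before 8.1 the default is `ENT_COMPAT`, so single quotes pass through unescaped and invalid byte sequences make the function return an empty string. Passing them explicitly keeps the escaping the same wherever the message ends up, e.g. `htmlspecialchars($_GET['random'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The parameter can also arrive as an array rather than a string, which on PHP 8 raises a TypeError inside `htmlspecialchars`, so an `is_string()` check before this line would be worth adding if none exists earlier in `main()`, whose body starts and ends outside the hunk. Whether `output()` emits this string as HTML is not visible here; if other branches pass request data to it, they presumably need the same treatment.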