mirror of https://github.com/webbukkit/dynmap.git
Update MySQL_markers.php
Fix reflected cross-site scripting
parent
7570cf5994
commit
b5ac020a56
|
@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
|
|||
$loggedin = true;
|
||||
}
|
||||
|
||||
$path = $_REQUEST['marker'];
|
||||
$path = htmlspecialchars($_REQUEST['marker']);
|
||||
if ((!isset($path)) || strstr($path, "..")) {
|
||||
header('HTTP/1.0 500 Error');
|
||||
echo "<h1>500 Error</h1>";
|
||||
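Review bot: Wrapping `$_REQUEST['marker']` in `htmlspecialchars()` at the assignment makes the `!isset($path)` test on the following line ineffective, because `$path` now always holds a string; a request with no `marker` parameter no longer takes the 500 branch and continues with an empty path. Encoding on input also changes the value before it is used as a lookup key (presumably further down, outside this hunk), so marker names containing `&`, `<` or `"` may stop matching. With default flags, single quotes are left unescaped on PHP versions before 8.1. I would keep the raw value and test the request key directly, `if (!isset($_REQUEST['marker']) || strstr($_REQUEST['marker'], "..")) {`, then assign `$path = $_REQUEST['marker'];` after the check. Escaping should happen only where the value is written into the response, with `htmlspecialchars($path, ENT_QUOTES, 'UTF-8')`; the statement that reflects `$path` is not visible in this hunk, so confirm which outputs need it.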