Upstream
/
dynmap
mirror of https://github.com/webbukkit/dynmap.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Update MySQL_markers.php 

cross-site scripting reflected fixed
This commit is contained in:
Michele0303 2022-08-02 19:32:21 +02:00
parent 7570cf5994
commit b5ac020a56
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DynmapCore/src/main/resources/extracted/web/standalone/MySQL_markers.php
View File

@ -19,7 +19,7 @@ if (strcmp($userid, '-guest-')) {
$loggedin = true;
}
$path = $_REQUEST['marker'];
$path = htmlspecialchars($_REQUEST['marker']);
if ((!isset($path)) || strstr($path, "..")) {
header('HTTP/1.0 500 Error');
echo "<h1>500 Error</h1>";