XSS notifications via field which is always shown

Andy Miller
2018-10-01 14:05:16 -06:00
parent 8733510adf
commit f497551873
4 changed files with 12 additions and 5 deletions


@@ -661,10 +661,7 @@ class AdminController extends AdminBaseController
$check_what = ['header' => $data['header'], 'content' => $data['content']];
$results = Security::detectXssFromArray($check_what);
if (!empty($results)) {
$results_parts = array_map(function($value, $key) {
return $key.': \''.$value . '\'';
}, array_values($results), array_keys($results));
$this->admin->setMessage('<i class="fa fa-ban"></i> ' . sprintf($this->admin->translate('PLUGIN_ADMIN.XSS_ISSUE'), implode(', ', $results_parts)),
$this->admin->setMessage('<i class="fa fa-ban"></i> ' . $this->admin->translate('PLUGIN_ADMIN.XSS_ONSAVE_ISSUE'),
'error');
return false;
}
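Review bot: `$results` is now only tested with `empty()`, so after this change neither the editor nor any log records which field tripped `Security::detectXssFromArray()`. Dropping the old message was right, since it concatenated the offending value into a notification that is built as HTML. The field names could still be reported if they are escaped and the values are never echoed, e.g. `htmlspecialchars(implode(', ', array_keys($results)), ENT_QUOTES, 'UTF-8')`. The keys may derive from user-supplied header keys, which is not visible here, so escape them as well. A comment above the call such as `// Never echo $results values here: this message is rendered as HTML` would keep the reflection from being reintroduced; the enclosing method starts and ends outside the hunk.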