update function get_request to preventXSS

The XSS prevent function was created and used
Genaro Contreras Gutierrez 2019-07-30 08:38:14 -07:00 committed by GitHub
parent 08c21fe7ca
commit 25cbb26e1d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -675,15 +675,22 @@ function get_request($attr,$type='POST',$die=false,$default=null,$preventXSS=fal
system_message(array( system_message(array(
'title'=>_('Generic Error'), 'title'=>_('Generic Error'),
'body'=>sprintf('%s: Called "%s" without "%s" using "%s"', 'body'=>sprintf('%s: Called "%s" without "%s" using "%s"',
basename($_SERVER['PHP_SELF']),get_request('cmd','REQUEST'),$attr,$type), basename($_SERVER['PHP_SELF']),get_request('cmd','REQUEST'),preventXSS($attr),preventXSS($type)),
'type'=>'error'), 'type'=>'error'),
'index.php'); 'index.php');
if(!is_null($value)) if($preventXSS && !is_null($value))
$value = htmlspecialchars(addslashes($value), ENT_QUOTES, 'UTF-8'); $value = preventXSS($value);
return $value; return $value;
} }
/** /**
* Prevent XSS function
*
*/
function preventXSS($value){
return htmlspecialchars(addslashes($value), ENT_QUOTES, 'UTF-8');
}
* Record a system message. * Record a system message.
* This function can be used as an alternative to generate a system message, if page hasnt yet been defined. * This function can be used as an alternative to generate a system message, if page hasnt yet been defined.
*/ */
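Review bot: In the `sprintf` arguments of the error message, `get_request('cmd','REQUEST')` is still passed through unescaped, although it is the only value there read straight from the request; `$attr` and `$type` are supplied by the calling code. Passing the function's own flag, `get_request('cmd','REQUEST',false,null,true)`, would cover it. Separately, the return path now escapes only when `$preventXSS` is set, and the truncated signature in the hunk header suggests it defaults to false, so any caller that echoes the result into HTML has to opt in or escape at output; those call sites are worth auditing. `preventXSS()` also deserves a docblock saying that it expects a string (an array-valued request parameter would reach `htmlspecialchars` here) and why `addslashes` is applied, since HTML escaping does not need it and it alters values containing quotes or backslashes. `get_request` begins above this hunk, so this rests only on the lines shown.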