danwin1210/le-chat-php
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't escape CSS (fixes use of html entities)

Browse Source
This commit is contained in:
Daniel Winzen
2016-09-02 10:35:18 +02:00
parent 1753606b8a
commit 8e75c36572
2 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@ -1,5 +1,6 @@
Add logout button to session view and allow unbanning kicked sessions Add logout button to session view and allow unbanning kicked sessions
Allow changing message sort direction Allow changing message sort direction
Don't escape CSS (fixes use of html entities)
Version 1.21 - Aug. 29, 2016 Version 1.21 - Aug. 29, 2016
Don't display empty option for system messages in delete messages by name Don't display empty option for system messages in delete messages by name

1
chat.php
View File

@ -3181,7 +3181,6 @@ function save_setup($C){
$_REQUEST['rulestxt']=preg_replace("/(\r?\n|\r\n?)/", '<br>', $_REQUEST['rulestxt']); $_REQUEST['rulestxt']=preg_replace("/(\r?\n|\r\n?)/", '<br>', $_REQUEST['rulestxt']);
$_REQUEST['chatname']=htmlspecialchars($_REQUEST['chatname']); $_REQUEST['chatname']=htmlspecialchars($_REQUEST['chatname']);
$_REQUEST['redirect']=htmlspecialchars($_REQUEST['redirect']); $_REQUEST['redirect']=htmlspecialchars($_REQUEST['redirect']);
$_REQUEST['css']=htmlspecialchars($_REQUEST['css']);
if(!preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['colbg'])){ if(!preg_match('/^[a-f0-9]{6}$/i', $_REQUEST['colbg'])){
unset($_REQUEST['colbg']); unset($_REQUEST['colbg']);
} }