mirror of https://github.com/DanielnetoDotCom/YouPHPTube synced 2025-10-03 01:39:24 +02:00
Daniel Neto 2023-04-25 16:52:56 -03:00
parent f245535aad
commit 55d555de36


@ -1,7 +1,7 @@
<?php
require_once $global['systemRootPath'] . 'objects/functions.php';
// filter some security here
$securityFilter = ['jump','videoDownloadedLink','duration','error', 'msg', 'info', 'warning', 'success','toast', 'catName', 'type', 'channelName', 'captcha', 'showOnly', 'key', 'link', 'email', 'country', 'region', 'videoName'];
$securityFilter = ['jump','videoLink','videoDownloadedLink','duration','error', 'msg', 'info', 'warning', 'success','toast', 'catName', 'type', 'channelName', 'captcha', 'showOnly', 'key', 'link', 'email', 'country', 'region', 'videoName'];
$securityFilterInt = ['isAdmin', 'priority', 'totalClips', 'rowCount'];
$securityRemoveSingleQuotes = ['search', 'searchPhrase', 'videoName', 'databaseName', 'sort', 'user', 'pass', 'encodedPass', 'isAdmin', 'videoLink', 'video_password'];
$securityRemoveNonCharsStrict = ['APIName','APIPlugin'];
@ -132,7 +132,7 @@ foreach ($scanVars as $value) {
foreach ($securityFilter as $value) {
if (!empty($scanThis[$value])) {
$scanThis[$value] = str_ireplace(['\\', "--", "'", '"', "&quot;", "&#039;", "%23", "%5c", "#"], ['', '', '', '', '', '', '', '', ''], xss_esc($scanThis[$value]));
$scanThis[$value] = str_ireplace(['\\', "--", "'", '"', "&quot;", "&#039;", "%23", "%5c", "#", "`"], ['', '', '', '', '', '', '', '', '', ''], xss_esc($scanThis[$value]));
}
}
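Review bot: The `str_ireplace` call in the `$securityFilter` loop removes its tokens one after another in a single pass, so stripping a later entry (including the newly added backtick) can leave behind an earlier multi-character entry such as `--` that was already processed, and the result is not guaranteed to be free of the listed sequences. Repeating the strip until the value stops changing closes that gap, and passing a single `''` as the replacement removes the second array that this commit had to lengthen in step with the first. The list is a denylist, so it should be treated as defence in depth only: whatever consumes these keys still needs bound query parameters and context-specific output escaping. Adding `videoLink` to `$securityFilter` in the first hunk also means `#`, `%23` and backslashes are now removed from that value, which may change legitimate URLs that carry a fragment; that is worth confirming against the callers. The enclosing `foreach` over `$scanVars` starts outside the hunk.

```php
// … unchanged: foreach ($securityFilter as $value) and the !empty() guard …
$strip = ['\\', "--", "'", '"', "&quot;", "&#039;", "%23", "%5c", "#", "`"];
$clean = xss_esc($scanThis[$value]);
do {
    // a removal can join the characters on either side into another listed token
    $previous = $clean;
    $clean = str_ireplace($strip, '', $previous);
} while ($clean !== $previous);
$scanThis[$value] = $clean;
```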