Fix some potential security hazards

2026-04-14 12:30:49 +08:00 · 2023-05-20 00:17:17 +08:00
parent 167af06cfa
commit fa95279e66
11 changed files with 16 additions and 15 deletions
--- a/public/ipsearch.php
+++ b/public/ipsearch.php
@@ -8,7 +8,7 @@ if (!user_can('userprofile'))
 	permissiondenied();
 else
 {
-	$ip = trim($_GET['ip']);
+	$ip = htmlspecialchars(trim($_GET['ip']));
 	if ($ip)
 	{
 		$regex = "/^(((1?\d{1,2})|(2[0-4]\d)|(25[0-5]))(\.\b|$)){4}$/";