Sanitize some output to stop XSS
parent
0e07f60722
commit
6a1c7b898a
8
add.php
8
add.php
|
@ -30,7 +30,7 @@ if($opml)
|
|||
|
||||
if(!$sfile->success)
|
||||
{
|
||||
echo "Cannot open $opml<br>";
|
||||
echo "Cannot open " . htmlentities($opml) . "<br>";
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -73,14 +73,14 @@ $add_feed_url .= "://" . $_SERVER["HTTP_HOST"] . $_SERVER["SCRIPT_NAME"];
|
|||
|
||||
When adding feeds, mark <select name="unread"><option value=today <?php if($unread == "today") echo "selected" ?> >today's</option><option value=all <?php if($unread == "all") echo "selected" ?> >all</option><option value=no <?php if($unread == "no") echo "selected" ?> >no</option></select> items as unread<br><br>
|
||||
|
||||
RSS or weblog URL: <input type="text" name="rss_url" size="40" value="<?php echo $url ?>"><input type="Submit" value="Add a feed"><br><br>
|
||||
RSS or weblog URL: <input type="text" name="rss_url" size="40" value="<?php echo htmlentities($url) ?>"><input type="Submit" value="Add a feed"><br><br>
|
||||
|
||||
OPML URL: <input type="hidden" name="MAX_FILE_SIZE" value="100000">
|
||||
|
||||
<input type="text" name="opml_url" size="40" value="<?php echo $opml ?>"><input type="Submit" value="Add feeds from OPML file on the Internet"><br><br>
|
||||
<input type="text" name="opml_url" size="40" value="<?php echo htmlentities($opml) ?>"><input type="Submit" value="Add feeds from OPML file on the Internet"><br><br>
|
||||
|
||||
<input type="hidden" name="MAX_FILE_SIZE" value="100000">
|
||||
OPML filename: <input type="file" name="opml_file" size="40" value="<?php echo $file ?>"><input type="Submit" value="Upload an OPML file">
|
||||
OPML filename: <input type="file" name="opml_file" size="40" value="<?php echo htmlentities($file) ?>"><input type="Submit" value="Upload an OPML file">
|
||||
|
||||
</form>
|
||||
|
||||
|
|
Loading…
Reference in New Issue