FbIN/htmly
1
0
Fork 0
mirror of https://github.com/danpros/htmly.git synced 2026-04-19 20:16:22 +05:30
Code Issues Projects Releases Packages Wiki Activity

CVE-2019-8349 XSS vulnerabilities fix

Browse source
This commit is contained in:
danpros 2020-05-06 13:06:59 +07:00
commit ec1cf1d303
19 changed files with 31 additions and 190 deletions
Download patch file Download diff file Expand all files Collapse all files

9
system/includes/functions.php
View file

@ -1816,7 +1816,6 @@ function social($imgDir = null)
{
$twitter = config('social.twitter');
$facebook = config('social.facebook');
$google = config('social.google');
$tumblr = config('social.tumblr');
$rss = site_url() . 'feed/rss';
@ -1832,10 +1831,6 @@ function social($imgDir = null)
echo '<a href="' . $facebook . '" target="_blank"><img src="' . site_url() . 'themes/' . $imgDir . 'facebook.png" width="32" height="32" alt="Facebook"/></a>';
}
if (!empty($google)) {
echo '<a href="' . $google . '" target="_blank"><img src="' . site_url() . 'themes/' . $imgDir . 'googleplus.png" width="32" height="32" alt="Google+"/></a>';
}
if (!empty($tumblr)) {
echo '<a href="' . $tumblr . '" target="_blank"><img src="' . site_url() . 'themes/' . $imgDir . 'tumblr.png" width="32" height="32" alt="Tumblr"/></a>';
}
@ -2164,7 +2159,7 @@ EOF;
EOF;
}
if (isset($_GET['search'])) {
$search = $_GET['search'];
$search = _h($_GET['search']);
$url = site_url() . 'search/' . remove_accent($search);
header("Location: $url");
}
@ -3212,7 +3207,7 @@ function get_language()
$langID = config('language');
$langFile = 'lang/'. $langID . '.ini';
$local = strtolower($langID);
$local = $langID;
// Settings for the language
if (!isset($langID) || config('language') === 'en') {